The way I do it is on the check_user I see if a user exists in LDAP and the password matches, then i see if their display name is a user in laconica, if not I register them automatically with information from LDAP in their profile. I also remove the register buttons from the UI.
I also lock down the profile page so users can not change their display name. For non user accounts (or rss bots) I have a config[bots] array that if the login name is in there I bypass the ldap and use local authentication. So just dont let your users register (use an auto registration process on first login) and lock down the profile settings page. That seams to work for me. -Eric Helgeson On Sat, Apr 18, 2009 at 2:36 PM, Jeremy Slade <[email protected]> wrote: > I recently updated to 0.7.3, really digging the plugins. Great job > getting that going. > > I have to replace the authentication to use LDAP instead of the stored > password. It would be nice if that part of the system were supported by > the plugins -- Is that the intent, to have hooks for that part as well > eventually? For now I just put in a call in common_check_user() to go > to my own plugin code. > > Anyhow, the real question I'm after right now: the LDAP auth works fine, > but it requires profile nicknames to match a valid user in the > directory. There's a hole right now where a user can create a profile > with a different nickname (and password) -- no LDAP auth is done during > the account creation step. I'm looking for suggestions on how best to > integrate that. > > Ultimately I want to change the account-creation page to prompt for a > username (with a comment that it has to be a valid directory username), > and only a single password entry (no need for password confirmation in > this case). Then when the form is submitted, it should go through the > authentication step before doing the full account creation. > > Can I take advantage of any of the plugin functionality to help with > this? My guess is no, based on the current plugin callbacks that are > available. What would be the least intrusive method to integrate this > change? I'm more that willing to extend the plugin functionality and > contribute those changes, but it's not clear to me if that fits the > current vision of what plugins should be used for. > > > Thanks, > Jeremy > > > _______________________________________________ > Laconica-dev mailing list > [email protected] > http://mail.laconi.ca/mailman/listinfo/laconica-dev >
_______________________________________________ Laconica-dev mailing list [email protected] http://mail.laconi.ca/mailman/listinfo/laconica-dev
