Nagy Zoltan wrote:
> We want to use our ldap server for authentication. We use it now with apache,
> it works wonderful. But now we want to use midgard too. Is it possible
> together? (midgard+apache+ldap)
>
> Isn't it possible, that midgard checks if the environment variable
> REMOTE_USER is set, if not tries his own authentication method? This way i
> could use my own authentication method with apache, and apache sets the
> REMOTE_USER.
Actually, REMOTE_USER is set way back at the processing change, but I
understand what you mean. What you want is not impossible. The easy
part would be to have midgard accept that other modules do the
authentication checking. The interesting parts are that
1. Midgard uses userids internally, not names. Could be solved by
having Midgard map the pre-authenticated name to an internal ID, but
there will need to be a mapping of name to ID somewhere. You could of
course populate the midgard user database with this mapping but if
you're going to do this you might as well map in the encrypted
passwords and have the problem solved without any changes to the core.
2. I have no clear picture yet of how this will interact with
sitegroups. The little knowledge I have of LDAP says that the userbase
is in essence unsegmented (so no duplicate usernames). Education in the
LDAP arena (force-fed clues and/or reading material) most welcome.
Emile
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
