Greg Cooper wrote, On 12-03-2007 17:03: > Is anyone using LDAP to authenticate users on the web interface? > > if so, how did you go about doing it?
First of all, take a look at this URL: http://metanav.ntnu.no/moin.cgi/LdapAuthentication Second of all, NAVs LDAP authentication ability is somewhat limited yet. It was modeled after the LDAP schema used at NTNU, and isn't quite configurable enough to suit any kind of LDAP schema people might care to implement. Specifically, NAV will grant access to all users in the configured subtree, which is not always desirable. At NTNU there were separate subtrees of user accounts for different systems; there was also a subtree of NAV accounts which contained only a fraction of the total amount of users. It also makes assumptions about which attributes are used to store account names and user names, etc. Fixing this isn't a very high priority at the moment, but if anybody cares to do something about it, the code is located in subsystem/webFront/lib/nav/web/ldapAuth.py . Patches will be greatly appreciated :) -- mvh Morten Brekkevold UNINETT _______________________________________________ nav-users mailing list [email protected] http://mailman.itea.ntnu.no/mailman/listinfo/nav-users
