W dniu 01.09.2014 16:27, Oliver Welter pisze: > Hello Pawel, > >> Is it possible to also add some external authenticators (perl >> scripts) to the upstream and include them in installable packages for >> Linux distros you support? If so, then I could do most of the job, >> just need some hints where to put the code and how to add it to >> packaging. > > We will need to do some documentation on the external connector but I do > not assume that we will ship a set of scripts with it beside some > examples as this is far to specific. The basic methods will go into > Conenctor Plugins as this is our main focus. > > Some hints to point you into the right direction: > > Put this into auth/handler.yaml > > MyHandler: > type: External > label: My Auth Handler > command: /path/to/your/script > role: 'RA Operator' > env: > LOGIN: __USER__ > PASSWD: __PASSWD__ >
Thanks, got it working. > Your Script know can read the username and password the user gave at the > login form from the shells environment in "LOGIN" an "PASSWD", you are > free to use any other key. If your script sets an exitcode of "0", the > login is considered successful. The role is set to "RA Operator". > > regards > > Oliver > The script I have currently takes all possible configuration params via commandline or environment variables (for sensitive data) so I believe it's quite generic. All configuration parameters (such as LDAP database URI, group restriction, LDAP filter parameters and other options) may be stored in auth/handler.yaml and passed to the script via CLI. It's also able to retrieve and print arbitrary user attribute stored in LDAP directory (this may be used for dynamic role assignment). CLI is documented, extensive debugging is available. Best regards! -- Paweł Tomulik ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
