Hi Theodoros:

On Thu, 13 Mar 2008, Theodoropoulos Theodoros wrote:
> We were wondering how easy/difficult it would be for us to implement
> LDAP authentication with Invenio...

Should be relatively easy... E.g. EPFL uses LDAP. CC-ing the mailing list.

> From what I remember, at CERN you're currently using an 'external
> authentication method'. Is that LDAP-based?

Nope, it's a kind of custom webservice-based authentication thing. And soon we shall be using Single Sign-On with Shibboleth at CERN.

> Are the appropriate features already built in Invenio or tons extra
> code is required? Mind you, we definitely need secure LDAP (over
> SSL?) and access to at least 2 LDAP servers (ie. If not found in
> LDAP server1 look in LDAP server2).
>
> In the 0.92.1 version there was an 'external_authentication_ldap.py'
> file that contained some example code. How much work is required to
> make it work with the requirements I mentioned above?

The example code in external_authentication_ldap.py might need some custom adaptation depending on your local LDAP setup. Also, checking two servers might need some non-trivial but doable "cloning"... Greg, do you have any non-committed updates to the new LDAP authentication plugin in CVS? The core code there dates from 2007/07/23 14:23:55.

> Could it be used in conjunction with the standard authentication
> scheme? (ie. could the 'admin' user be verified by our local SQL?)

Yes, you can have several authentication schemes co-existing. (Except with SSO that needs to be an exclusive authentication scheme.)

Best regards
--
Tibor Simko ** CERN Document Server ** <http://cds.cern.ch/>
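
An added illustration of the two requirements raised in this thread (LDAP over SSL, and looking in a second server when the user is not found in the first). It is not Invenio's code or code from either poster. It assumes the python-ldap package, and the URI, base DN, `uid` attribute, anonymous DN search and all function names are assumptions.

```python
class NotFound(Exception):
    """The user has no entry in this directory."""

def ldaps_backend(uri, base_dn, attr="uid"):
    """Checker for one server via python-ldap; uri, base_dn and attr are site values."""
    if not uri.lower().startswith("ldaps://"):
        raise ValueError("refusing non-TLS LDAP URI: " + uri)
    def check(username, password):
        import ldap, ldap.filter  # imported lazily so the policy below runs without it
        conn = ldap.initialize(uri)
        conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # apply the TLS option above
        try:
            # Assumption: the directory allows an anonymous search for the DN.
            flt = "(%s=%s)" % (attr, ldap.filter.escape_filter_chars(username))
            hits = conn.search_s(base_dn, ldap.SCOPE_SUBTREE, flt, ["1.1"])
            dns = [dn for dn, _ in hits if dn]  # skip referral entries
            if not dns:
                raise NotFound(username)
            if len(dns) > 1:
                return False  # ambiguous match: refuse rather than guess
            conn.simple_bind_s(dns[0], password)
            return True
        except ldap.INVALID_CREDENTIALS:
            return False
        finally:
            conn.unbind_s()
    return check

def fake_backend(users):
    """Constructed in-memory stand-in for a directory, for trying the policy offline."""
    def check(username, password):
        if username not in users:
            raise NotFound(username)
        return users[username] == password
    return check

def authenticate(backends, username, password):
    """Return the name of the directory that accepted the login, else None."""
    if not username or not password:
        return None  # an empty password would be an unauthenticated bind
    for name, check in backends:
        try:
            # A wrong password on the first match ends the search; connection
            # errors propagate instead of being treated as "not found".
            return name if check(username, password) else None
        except NotFound:
            continue
    return None
```

`backends` is an ordered list of `(name, checker)` pairs, for example two `ldaps_backend(...)` checkers followed by a local-database checker for accounts such as 'admin'.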
