Re: Invenio and secure LDAP?

Thu, 13 Mar 2008 11:35:59 +0100 

Hi Theodoros,
We indeed use the LDAP authentication method. This login method is provided by external_authentication_ldap.py, which has been commited in invenio's CVS. We did not modified it since then. However, you'll have to modify a bit the code (e.g. provide the address of your own ldap server) 
Le 13 mars 08 à 11:06, Tibor Simko a écrit :



Are the appropriate features already built in Invenio or tons extra
code is required? Mind you, we definitely need secure LDAP (over
SSL?) and access to at least 2 LDAP servers (ie. If not found in
LDAP server1 look in LDAP server2).


In the 0.92.1 version there was an 'external_authentication_ldap.py'
file that contained some example code. How much work is required to
make it work with the requirements I mentioned above?





You can of course mention several servers (l. 63:  
CFG_EXTERNAL_AUTH_LDAP_SERVERS = ['ldap://scoldap.epfl.ch'] => the  
system will loop over the element sof this list if first one fails.)
If you want to use secure ldap (we don't, as Infoscience is on the  
same protected subnet as our ldap server), you can use the API  
provided by python-ldap. You'll have to make some minor modifications  
(basically add 3 lines, specifying the certificate). You can find  
examples on this page: http://armyofevilrobots.com/node/393. The  
official documentation is located here: http://python-ldap.sourceforge.net/doc/python-ldap/index.html



Our example code is tailored to our own ldap architecture, but it  
should be quite easy to make it compatible with yours (I documented  
our architecture in the code in order to help people understand the  
whole library).



Using this library, we offer the possibility to log in using 3 kind of  
usernames (id like 128933, username like grfavre or email). We also  
get the usergroups directly from our ldap server.


Best regards,
Greg

____________________________________________________________________

Gregory Favre
Coordinateur Infoscience
École Polytechnique Fédérale de Lausanne
KIS - DIT
Case Postale 121
CH-1015 Lausanne
+41 21 693 22 88
+ 41 79 526 52 13
[email protected]
http://plan.epfl.ch/?sciper=128933
____________________________________________________________________

























					Reply via email to