Aaron,

Excellent points (and thanks for responding :) ).

Unfortunately, we are integrating our site with two third party apps which
also require user authentication.  We could maintain userid/passwords within
each app, but then pw admin becomes a nightmare (the back-end apps don't
provide an API for updating passwords).  As it turns out both of our
"back-end" apps support LDAP authentication.  This means that if a user
changes their own password, and we go with LDAP, all three (Turbine and the
two other apps) are in sync.

As for connection pooling, I really don't see that much interaction with
the LDAP server.  At login we authenticate (bind), and that's it.  This is a
great point however, and I wish that JNDI supported pooling.  We also may be
shipping our product to companies that already authenticate using LDAP, and
we would like to simply point to their LDAP server.

Given all of this, unless someone can see something I've missed, I think I
pretty much need LDAP authentication.

Nice idea on that last point.  Any ideas on how to authenticate
programmatically within Turbine?

-Mitch

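The login flow described above (one simple bind per login, nothing else) in plain JNDI, as an added example; this is not code from the thread, from Turbine's LDAPSecurityService, or from the poster.  The server URL, the base DN, the `uid` naming attribute and the class name are assumptions.  The two details a practitioner would want beside the bind itself are included: the user-supplied login name is escaped before it is spliced into the DN, and an empty password is rejected up front, because an LDAP simple bind with an empty password is an anonymous bind that many servers report as success.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Bind-based LDAP password check via JNDI (added example; values below are assumed). */
public final class LdapBindCheck {

    // Assumed placeholders: point these at the real directory for your deployment.
    private static final String LDAP_URL = "ldaps://ldap.example.invalid:636";
    private static final String USER_BASE_DN = "ou=People,dc=example,dc=invalid";
    private static final String UID_ATTRIBUTE = "uid";

    /**
     * Escape a single attribute value for use inside a DN (RFC 4514 rules):
     * backslash, comma, plus, quote, angle brackets, semicolon and equals are
     * always escaped; a leading '#' or space and a trailing space are escaped;
     * NUL is written as \00.  Without this a login name such as
     * "bob,ou=Admins" would change which entry is bound against.
     */
    static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': case ',': case '+': case '"': case '<': case '>': case ';': case '=':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    if ((c == ' ' && (i == 0 || i == last)) || (c == '#' && i == 0)) {
                        sb.append('\\');
                    }
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Returns true only if the directory accepts a simple bind as the user's DN
     * with the supplied password.  Any other outcome (bad credentials, server
     * unreachable, referral trouble) fails closed.
     */
    static boolean authenticate(String loginName, char[] password) {
        if (loginName == null || loginName.isEmpty()
                || password == null || password.length == 0) {
            return false; // empty credentials would become an anonymous bind
        }
        String dn = UID_ATTRIBUTE + "=" + escapeDnValue(loginName) + "," + USER_BASE_DN;

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                      // wrong password or no such entry
        } catch (NamingException e) {
            return false;                      // directory unavailable: fail closed
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Usage sketch; with the assumed URL above this will fail closed offline.
        boolean ok = authenticate("jdoe", "correct horse battery staple".toCharArray());
        System.out.println(ok ? "bind succeeded" : "bind rejected");
        System.out.println(escapeDnValue("bob,ou=Admins")); // bob\,ou\=Admins
    }
}
```

Because each login binds as a different principal, a connection pool would not be reused across users anyway; the bind-per-login shape in the message above needs no pooling, only an `ldaps://` (or StartTLS) transport so the password is not sent in clear.
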
-----Original Message-----
From: Aaron Smuts [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 01, 2002 2:08 PM
To: Turbine Developers List; 'Turbine Users List'
Cc: Dan Sojka; Brian Reaves
Subject: RE: LDAP Authentication


Out of scope, but why are you using LDAP?  Do you already have other
applications using it?  No criticism implied.  I just want to know.

We started using LDAP at my company and just got rid of it.  It didn't
provide us with much and we had trouble pooling the connections.  It became
a password repository after a while and then we just phased it out by
storing the passwords in the database as users logged in.  After a while we
started hitting the database before LDAP to speed things up, and only going
to LDAP if the password wasn't in the db.  We didn't have any applications
that couldn't get to the production database but could use LDAP, so it
served no purpose.  We didn't need to distribute the login load and it
didn't really help do this since there were roles and permissions and ACL
data that needed to be loaded from the database for each login anyway.  So we
saved the $.25 or whatever the per user license was on LDAP.

If it is an emergency, for the time being, you can just hit LDAP using the
netscape libraries and then authenticate redundantly in Turbine using the
information pulled from LDAP, I suppose.  

Just curious.

Aaron

> -----Original Message-----
> From: Mitchell Christensen [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 01, 2002 4:49 PM
> To: 'Turbine Users List'; '[EMAIL PROTECTED]'
> Cc: Dan Sojka; Brian Reaves
> Subject: RE: LDAP Authentication
> 
> Eric,
> 
> Thanks for replying.
> 
> Since my last posting I've been poking around a bit and did notice that
> LDAPSecurityService is in fact stubbed out.  As to your question, I think I
> have no choice but to make it work for my project, and I'd be happy to
> contribute.  After looking at the code, I'm wondering if this shouldn't be
> implemented using the om/peer model, but that is meant solely for RDBMS
> right now (correct?  It's a different discussion altogether, but why can't
> objects be mapped to LDAP as well?).  For now I was thinking about simply
> putting the JNDI calls directly in the LDAPSecurityService.
> 
> Also, the current implementation won't bind (authenticate) against Netscape
> Directory Server.  I understand the problem, but won't go into it here
> because it is somewhat long-winded.  There will need to be a change or two
> to the LDAPUserManager as well.
> 
> Would it be fair to ask for a brain dump from anyone who has thoughts on how
> this should be done in exchange for building the LDAP interface and
> submitting?  I noticed that Jason van Zyl, Leonard Flournoy, Tracy Adewunmi
> and Rafal Krzewski were listed as original authors.  Are they still around?
> Are there some original design notes, etc. that might be of use?
> 
> I know this is a lot to ask, but I'm behind schedule, and I need to get this
> working ASAP.
> 
> I'm going to cross-post this to turbine-dev since that is probably where
> this thread should be anyways.
> 
> Thanks,
> Mitch
> 
> -----Original Message-----
> From: Eric Dobbs [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 01, 2002 12:03 PM
> To: Turbine Users List
> Subject: Re: LDAP Authentication
> 
> 
> On Thursday, January 31, 2002, at 08:27  AM, Mitchell Christensen wrote:
> 
> > I searched the archives and found some messages
> > from Jason van Zyl stating that LDAP authentication doesn't work.  Can
> > someone confirm/deny this?
> 
> confirmed.  LDAP stuff is broken.  Interested in volunteering to fix it?
> 
> -Eric
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
