Emiliano <[EMAIL PROTECTED]> writes:

> Paul Gillingwater wrote:
> 
> > Has anyone looked into authenticating Midgard users against an LDAP
> > server?
> 
> Not specifically, but I did a pam trial a while ago and pam should be
> able to use ldap. It wasn't release quality, but sorta worked. I don't
> have it anymore (it was a quick hack, didn't save it), but a few days
> of work should be all it takes.

 pam + ldap works quite nicely. Actually with pam you can have a very
good abstraction of the authentication layer. The backend can be an smb
domain, ldap or even an sql database, not to mention a few other things.
 
> > Also, how about modifying the administration interface so that changes to
> > users and passwords are done in an LDAP database?  We'd like to centralize
> > authentication, and have Midgard participate too.
> 
> That'd have to happen on the PHP level. Mind that repligard
> replication is going to be interesting to get right with the person
> data living in a separate database.

 As most authentication databases are distributed, it's possible
for multiple Midgard servers to use the same backend.

> > If this isn't already available, we might try to get it working, if
> > someone could point in the right direction (i.e., can it be done with a
> > snippet, or do we need to patch the underlying library.)
> 
> I recommend the pam route if it is available on enough platforms.

 Linuxen, Solaris and HP/UX use pam at least. 

> > in Google a reference to a proposal for using LDAP for the Midgard user
> > repository in a post by Jean-Philippe BRUNON for Midgard 2.0.  Does
> > anyone know if the work for implementing this was done, and will it
> > be available in 2.0?
> 
> That discussion never really went anywhere. Don't know about 2.0. The
> idea has appeal, but referential integrity is going to require
> thinking about, and we'd also have to think about the mysql queries
> that reference the person table on the side (like get_article, which
> also fetches the author name).

 The table can just contain a list of persons using Midgard, and the
actual authentication db is separate. This list can be used for
access control also.
        
                -j
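
The split described in the last reply (credentials checked by an external backend, a local person table used only as the list of permitted users and for access control), as an added example that is not part of the original message and not Midgard code. The `DirectoryStub` class, the `is_admin` column and all account names are constructed for illustration; the stub stands in for the PAM/LDAP backend.

```python
import hashlib
import hmac
import os
import sqlite3

class DirectoryStub:
    """Constructed stand-in for the external auth backend (PAM/LDAP in the thread)."""
    def __init__(self):
        self._creds = {}  # username -> (salt, derived key)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, self._kdf(password, salt))

    def remove(self, user):
        self._creds.pop(user, None)

    def authenticate(self, user, password):
        # Unknown users still cost one KDF run and compare against an empty key.
        salt, stored = self._creds.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), stored)

def make_person_table(members):
    """Local list of who may use the application; it holds no passwords."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (username TEXT PRIMARY KEY, is_admin INTEGER NOT NULL)")
    db.executemany("INSERT INTO person VALUES (?, ?)", members)
    return db

def login(db, directory, user, password):
    """Authenticate externally, then authorize against the local person table."""
    if not directory.authenticate(user, password):
        return None
    row = db.execute("SELECT is_admin FROM person WHERE username = ?", (user,)).fetchone()
    if row is None:  # valid directory account, but not a listed user
        return None
    return {"username": user, "is_admin": bool(row[0])}

if __name__ == "__main__":
    directory = DirectoryStub()
    directory.add("alice", "correct horse")  # constructed accounts
    directory.add("bob", "hunter2")
    db = make_person_table([("alice", 1), ("carol", 0)])
    for user, pw in [("alice", "correct horse"), ("bob", "hunter2"), ("carol", "x")]:
        print(user, login(db, directory, user, pw))
```

Both checks have to pass: an account that exists only in the directory, or only in the person table, is refused.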
