Brandorr wrote:
> Alan, is there any chance that the following can be changed to also
> allow mutually authenticated LDAP/S, vs just XMLRPC?
>
> http://opensolaris.org/os/project/website/website_restructuring/opensolaris_authentication.txt
>
> I ask, because it would make it easier for non-programmers to
> integrate central authentication into off-the-shelf apps.

Not at the moment, no. The problem is that we have an existing (non-LDAP) database that holds user details, page content and page metadata (e.g. parent/child relationships, page editing rights and so on). We can't throw that information away and start over, so the first step is to try to extract the core user, community and group information into a separate database. Hopefully we will be able to release the source of the existing opensolaris.org webapp RSN, so the existing database schema will be available for dissection and discussion.

Mapping that to an LDAP schema may well be possible, but I'm not convinced that LDAP will give us everything that we need, at least not without a significant amount of work. If you look at packages such as XWiki for example, although they support LDAP as an authentication mechanism, it appears difficult to get them to use LDAP for authorisation as well.

As an aside, I believe LDAPS has been deprecated in favour of the StartTLS operation supported by LDAPv3.

--
Alan Burlison
--
website-discuss mailing list
