[NBLUG/talk] More LDAP
Lincoln Peters
sampln at sbcglobal.net
Mon Sep 24 11:18:13 PDT 2007
On Sep 24, 2007, at 7:05 AM, Joey Moe wrote:

> This sounds really involved. So have you actually got OpenLDAP to
> authenticate any of these services yet? And if so, what facility
> are you using to authenticate?

I'm planning to use ApacheDS (which is another LDAP server), not
OpenLDAP. OpenLDAP was too much of a pain to set up.

The way it worked when I was working with Jetspeed is that I had to
configure Jetspeed to know the following:

* Which branch of the tree the user ID keys were stored in.
* What field contained the username.
* What field contained the password.
* What hashing algorithm (if any) was used to encrypt the password.

There were a few other Jetspeed-specific fields that needed to be in
each entry, such as group and role membership. Interestingly, the
necessary LDIF file to make this work was provided with Jetspeed, and
it worked, even though the LDAP client code in Jetspeed was in such a
bad state that I doubt it had ever been tested!

One interesting side-effect was that by using LDAP, it was possible
to view all registered Jetspeed users via an LDAP-capable address
book application. I used the Mac OS X Address Book (since I was
working on my MacBook Pro), but I would expect it to work exactly the
same in Evolution or KAddressBook.

As for the other services, assuming they use the same kind of LDAP
interface as Jetspeed, I should be able to set up one account for
each user and have it work on every service. I think SSU does
something similar with their registration, webmail, and WebCT
systems, but I don't know exactly how it works (I don't work for IT).

--
Lincoln Peters <sampln at sbcglobal.net>
There are no data that cannot be plotted on a straight line if the axis
are chosen correctly.
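
The message lists the password field and its hashing algorithm among the settings a client has to know. As an added illustration (not part of the original post, and not Jetspeed or ApacheDS code), this Python example checks a candidate password against a `userPassword` value written in the common `{SCHEME}base64` convention, assuming that convention is in use; the function names and sample entries are constructed for the example.

```python
import base64
import hashlib
import hmac

# scheme -> (hashlib name, digest size in bytes, salted?)
SCHEMES = {
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
}

def parse_user_password(stored: str):
    """Split a userPassword value into (scheme, digest, salt).

    A value without a {SCHEME} prefix is cleartext: scheme is None and
    digest holds the raw password bytes.
    """
    if stored.startswith("{") and "}" in stored:
        scheme, _, b64 = stored[1:].partition("}")
        scheme = scheme.upper()
        if scheme not in SCHEMES:
            raise ValueError(f"unsupported scheme: {scheme}")
        _, size, salted = SCHEMES[scheme]
        raw = base64.b64decode(b64, validate=True)
        # Salted forms append the salt after the fixed-size digest.
        if len(raw) < size or (not salted and len(raw) != size):
            raise ValueError("digest length does not match scheme")
        return scheme, raw[:size], raw[size:]
    return None, stored.encode(), b""

def verify(stored: str, candidate: str) -> bool:
    """Constant-time check of candidate against the stored value."""
    scheme, digest, salt = parse_user_password(stored)
    if scheme is None:
        return hmac.compare_digest(digest, candidate.encode())
    computed = hashlib.new(SCHEMES[scheme][0], candidate.encode() + salt).digest()
    return hmac.compare_digest(computed, digest)

def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample entries (not from the post): uid -> userPassword
SAMPLE = {
    "alice": make_ssha("correct horse", b"\x01\x02\x03\x04"),
    "bob": "{SHA}" + base64.b64encode(hashlib.sha1(b"hunter2").digest()).decode(),
    "carol": "plaintext-pw",
}
```

`parse_user_password` also reports which scheme each entry uses, so the same routine can list accounts still stored as cleartext or unsalted digests.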