[NBLUG/talk] More LDAP

[Joey Moe]

Sorry...I have a thick skull. You keep telling me you aren't using OpenLDAP. I'll take a look at ApacheDS. Right now I'm just working with sendmail and dovecot and trying to get internal mail for the house. once I get it working, I'm going to take another stab at LDAP authentication.

I'm planning to use ApacheDS (which is another LDAP server), not  
OpenLDAP.  OpenLDAP was too much of a pain to set up.

The way it worked when I was working with Jetspeed is that I had to  
configure Jetspeed to know the following:
* Which branch of the tree the user ID keys were stored in.
* What field contained the username.
* What field contained the password.
* What hashing algorithm (if any) was used to encrypt the password.

There were a few other Jetspeed-specific fields that needed to be in  
each entry, such as group and role membership.  Interestingly, the  
necessary LDIF file to make this work was provided with Jetspeed, and  
it worked, even though the LDAP client code in Jetspeed was in such a  
bad state that I doubt it had ever been tested!

One interesting side-effect was that by using LDAP, it was possible  
to view all registered Jetspeed users via an LDAP-capable address  
book application.  I used the Mac OS X Address Book (since I was  
working on my MacBook Pro), but I would expect it to work exactly the  
same in Evolution or KAddressBook.


As for the other services, assuming they use the same kind of LDAP  
interface as Jetspeed, I should be able to set up one account for  
each user and have it work on every service.  I think SSU does  
something similar with their registration, webmail, and WebCT  
systems, but I don't know exactly how it works (I don't work for IT).


--
Lincoln Peters  

There are no data that cannot be plotted on a straight line if the axis
are chosen correctly.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://nblug.org/pipermail/talk/attachments/20070924/97e7ad1f/attachment.htm