[NBLUG/talk] More LDAP

Lincoln Peters sampln at sbcglobal.net
Mon Sep 24 11:18:13 PDT 2007


On Sep 24, 2007, at 7:05 AM, Joey Moe wrote:

> This sounds really involved. So have you actually got OpenLDAP to
> authenticate any of these services yet? And if so, what facility
> are you using to authenticate?

I'm planning to use ApacheDS (which is another LDAP server), not  
OpenLDAP.  OpenLDAP was too much of a pain to set up.

The way it worked when I was working with Jetspeed is that I had to  
configure Jetspeed to know the following:
* Which branch of the tree the user ID keys were stored in.
* What field contained the username.
* What field contained the password.
* What hashing algorithm (if any) was used to encrypt the password.

There were a few other Jetspeed-specific fields that needed to be in  
each entry, such as group and role membership.  Interestingly, the  
necessary LDIF file to make this work was provided with Jetspeed, and  
it worked, even though the LDAP client code in Jetspeed was in such a  
bad state that I doubt it had ever been tested!

One interesting side-effect was that by using LDAP, it was possible  
to view all registered Jetspeed users via an LDAP-capable address  
book application.  I used the Mac OS X Address Book (since I was  
working on my MacBook Pro), but I would expect it to work exactly the  
same in Evolution or KAddressBook.


As for the other services, assuming they use the same kind of LDAP  
interface as Jetspeed, I should be able to set up one account for  
each user and have it work on every service.  I think SSU does  
something similar with their registration, webmail, and WebCT  
systems, but I don't know exactly how it works (I don't work for IT).


--
Lincoln Peters  <sampln at sbcglobal.net>

There are no data that cannot be plotted on a straight line if the axes
are chosen correctly.
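
The four settings listed in the message above (user branch, username field, password field, hash scheme) can be modeled as follows. This is an added example, not part of the original message and not Jetspeed's code. The setting names, the `dc=example,dc=org` branch and the sample entry are assumptions, and a dict stands in for the LDAP server.

```python
import base64, hashlib, hmac, os

# Hypothetical settings mirroring the four items listed in the message
# (illustrative names, not Jetspeed's real configuration keys).
CONFIG = {
    "user_branch": "ou=people,dc=example,dc=org",  # branch holding user entries
    "username_attr": "uid",                        # field with the username
    "password_attr": "userPassword",               # field with the password
    "hash_scheme": "SSHA",                         # scheme the entries must use
}

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_password(stored, candidate):
    """Compare a candidate against a stored {SSHA}, {SHA} or cleartext value."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        calc = hashlib.sha1(candidate.encode() + salt).digest()
    elif stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[5:])
        calc = hashlib.sha1(candidate.encode()).digest()
    elif stored.startswith("{"):
        return False                               # unknown scheme: refuse
    else:
        digest, calc = stored.encode(), candidate.encode()  # no hashing
    return hmac.compare_digest(digest, calc)       # constant-time comparison

def authenticate(directory, username, password, cfg=CONFIG):
    """Find the entry under the configured branch and verify the password."""
    dn = f'{cfg["username_attr"]}={username},{cfg["user_branch"]}'
    entry = directory.get(dn)
    if entry is None:
        return False
    stored = entry[cfg["password_attr"]]
    if not stored.startswith("{" + cfg["hash_scheme"] + "}"):
        return False                               # not in the configured scheme
    return check_password(stored, password)

# Constructed sample directory: one entry with a fixed salt.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {
        "userPassword": make_ssha("correct horse", salt=b"\x01\x02\x03\x04"),
    }
}
```
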


