[jifty-devel] proposal for Jifty::Plugin::Authentication::Ldap modifications
Jesse Vincent
jesse at bestpractical.com
Tue Sep 14 09:47:41 EDT 2010
That sounds great to me.
"Stanislav Sinyagin" <ssinyagin at yahoo.com> wrote:
>hi,
>
>I need to authenticate users against the corporate MS Active Directory, and also
>
>authorize them based on group membership.
>
>A static account for binding and searching is not available, therefore AuthzLDAP
>is
>
>difficult to use.
>
>Here's a proposal, please let me know if it fits your philosophy, and then I'll
>make
>
>a fork at Github:
>
>
>1. Allow MS style binding: DN=username at domain.com
>This simplifies the thing, as we don't need to know the whole AD hierarchy
>structure.
>Works with most activedirectory servers.
>
>2. Allow hooks in Action::LDAPLogin.
>I want to look up the user's group membership right at the spot when the LDAP
>session is created and authenticated.
>Based on that lookup, I would update the user's fields, like "is_administrator".
>Such things are much site-specific, so it doesn't make much sense to put them
>into the
>
>public plugin. Of course, I would give an example in the documentation.
>
>
>
>cheers,
>stan
>_______________________________________________
>jifty-devel mailing list
>jifty-devel at lists.jifty.org
>http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
More information about the jifty-devel
mailing list