[jifty-devel] proposal for Jifty::Plugin::Authentication::Ldap modifications
jesse at bestpractical.com
Tue Sep 14 09:47:41 EDT 2010
That sounds great to me.
"Stanislav Sinyagin" <ssinyagin at yahoo.com> wrote:
>I need to authenticate users against the corporate MS Active Directory, and also
>authorize them based on group membership.
>A static account for binding and searching is not available, therefore AuthzLDAP
>difficult to use.
>Here's a proposal, please let me know if it fits your philosophy, and then I'll
>a fork at Github:
>1. Allow MS style binding: DN=username at domain.com
>This simplifies the thing, as we don't need to know the whole AD hierarchy
>Works with most activedirectory servers.
>2. Allow hooks in Action::LDAPLogin.
>I want to look up the user's group membership right at the spot when the LDAP
>session is created and authenticated.
>Based on that lookup, I would update the user's fields, like "is_administrator".
>Such things are much site-specific, so it doesn't make much sense to put them
>public plugin. Of course, I would give an example in the documentation.
>jifty-devel mailing list
>jifty-devel at lists.jifty.org
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
More information about the jifty-devel