[geeklog-devel] Add/Edit user and access to remoteservice field

[Blaine Lang]

Hi Michael,

I agree and understand changing a user who was added via blogger to 
another service would not work but I don't think you answered or 
understood my real question/scenario.

If I manually created a user and specified a 3rd party authentication 
like LDAP then agree, you would not add their password. I would like to 
pre-create a number of LDAP accounts and setup their group memberships. 
I may also want to convert an account from remote 3rd party 
authentication to a local user and then be forced to set a password. I 
can not do either today.

Blaine

Michael Jervis wrote:

> On 19/07/07, Blaine Lang <devel at portalparts.com> wrote:

>> Currently you can not add a new user and specify the remoteservice

>> option, nor can you edit a user and change this.

>> Is there any reason, we would not do allow that user admin option?

>

> Yes, the registration of that feature is recorded on the basis that

> the user has selected to authenticate against, say, blogger.com. If

> you change that, then it would make them try and authenticate against,

> say, livejournal.com, which is not a valid action to perform.

> THEMike at blogger and THEMike at livejournal are two separate people, and

> neither of them are me however THEMike at snakenet (i've got a snakenet

> auth class in my install) is me. it would be invalid to change the

> drop down to indicate I was THEMike at livejournal, and when I tried to

> login then it would fail as I'd be authenticating against another

> source.

>

>> Reason: If we created say an LDAP authentication class, I may still want

>> to create local login accounts and maybe even create users that will

>> login later via LDAP that have not yet logged in so I can setup their

>> permissions.

>

> I'd say that would need to be implemented in another way. Using LDAP

> to authenticate core users, instead of UID/PWD in the gl_users table.

> Or rather, auth everyone who isn't at a specific other remote service

> against LDAP and transparently create (or associate to pre-existing)

> local accounts.

>

> Mike

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

>

>