[geeklog-devel] Add/Edit user and access to remoteservice field

Blaine Lang devel at portalparts.com
Thu Jul 19 15:03:50 EDT 2007


Hi Michael,

I agree and understand changing a user who was added via blogger to 
another service would not work but I don't think you answered or 
understood my real question/scenario.

If I manually created a user and specified a 3rd party authentication 
like LDAP then agree, you would not add their password. I would like to 
pre-create a number of LDAP accounts and setup their group memberships. 
I may also want to convert an account from remote 3rd party 
authentication to a local user and then be forced to set a password. I 
can not do either today.

Blaine

Michael Jervis wrote:
> On 19/07/07, Blaine Lang <devel at portalparts.com> wrote:
>> Currently you can not add a new user and specify the remoteservice
>> option, nor can you edit a user and change this.
>> Is there any reason, we would not do allow that user admin option?
>
> Yes, the registration of that feature is recorded on the basis that
> the user has selected to authenticate against, say, blogger.com. If
> you change that, then it would make them try and authenticate against,
> say, livejournal.com, which is not a valid action to perform.
> THEMike at blogger and THEMike at livejournal are two separate people, and
> neither of them are me however THEMike at snakenet (i've got a snakenet
> auth class in my install) is me. it would be invalid to change the
> drop down to indicate I was THEMike at livejournal, and when I tried to
> login then it would fail as I'd be authenticating against another
> source.
>
>> Reason: If we created say an LDAP authentication class, I may still want
>> to create local login accounts and maybe even create users that will
>> login later via LDAP that have not yet logged in so I can setup their
>> permissions.
>
> I'd say that would need to be implemented in another way. Using LDAP
> to authenticate core users, instead of UID/PWD in the gl_users table.
> Or rather, auth everyone who isn't at a specific other remote service
> against LDAP and transparently create (or associate to pre-existing)
> local accounts.
>
> Mike
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
>



More information about the geeklog-devel mailing list