[geeklog-devel] The core of a very simple LDAP plugin, and an LDAP remote authentication class that uses it

Blank, Jessica Jessica.Blank at mtvnmix.com
Wed Mar 5 14:34:24 EST 2008


-grin- Donno about the marketing bit, but we've been using Geeklog for quite some time! :)

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net on behalf of Michael Jervis
Sent: Wed 3/5/2008 1:25 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] The core of a very simple LDAP plugin,and an LDAP remote authentication class that uses it
 
>  Btw, here's an interesting little problem on the side: Assume I already
>  have a (local) user and want to make them a Remote User (using the LDAP
>  module) now. How would I do that?
>
>  Mike?
>
>  What else, other than adding the user to the Remote Users group (which
>  you can't even do from Geeklog since the checkbox is disabled), would
>  need to be done?

OK so having a /glance/ at the LDAP module and being full of a head
cold at the moment so highly likely to be missing something...

The LDAP plugin provides AUTHENTICATION of users but not
AUTHORISATION, and is done via being a plugin for the Remote
Authentication module.

The net result will be an entry in gl_users for each LDAP
authenticated user, who will by default inherit the Remote Users group
as all Remote Authentication users do. You will always of course have
a properly local admin user, so, what you would need to do is:

1) Install Geeklog as normal
2) Install the LDAP auth class.
3) Enable remote authentication.
4) Login as your LDAP account to create a local copy of that account.
5) Login as Geeklog's local Admin account.
6) Grant admin/root groups membership to your key LDAP account.
7) Disable non-LDAP based authentication

Job (as we say in Yorkshire) is a good'un. You can then authenticate
via LDAP as a Geeklog Root user and then pass on additional privileges
as required to additional LDAP authenticated users.

How would you migrate a local user to LDAP?

UPDATE gl_users SET remoteusername='(ldapusername)',
remoteservice='LDAP' WHERE uid=(xxx)

Of course if all GL user accounts were mass-migrated into an LDAP repository:

UPDATE gl_users SET remoteusername=username, remoteservice='LDAP' WHERE uid <> 1

(preserving the admin account as a local fallback)

And insert a mapping for them into the Remote Users group.

(Hey, and can we add "As used by MTV" to our advertising, or would
that drive off our traditional user-base? ;-))
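
An added example, not part of the thread or of Geeklog's code: the single-user migration described above, including the Remote Users mapping step, run against a constructed in-memory SQLite schema. The gl_users columns are the ones named in the thread; the gl_groups and gl_group_assignments tables, their columns and the group ids are assumptions to check against the real schema.

```python
import sqlite3

def build_sample_db():
    """Constructed miniature schema; only the gl_users columns come from the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE gl_users (uid INTEGER PRIMARY KEY, username TEXT,
                               remoteusername TEXT, remoteservice TEXT);
        CREATE TABLE gl_groups (grp_id INTEGER PRIMARY KEY, grp_name TEXT);  -- assumed
        CREATE TABLE gl_group_assignments (ug_main_grp_id INTEGER, ug_uid INTEGER);
        INSERT INTO gl_users (uid, username) VALUES (1,'Admin'),(2,'alice'),(3,'bob');
        INSERT INTO gl_groups VALUES (1,'Root'),(13,'Remote Users');
        INSERT INTO gl_group_assignments VALUES (1,1),(13,3);
    """)
    return db

def migrate_to_ldap(db, uid, ldap_username):
    """Point one local account at LDAP and map it into Remote Users, atomically."""
    if uid == 1:
        raise ValueError("uid 1 stays local as the fallback admin account")
    with db:  # commits on success, rolls back if anything below raises
        cur = db.execute(
            "UPDATE gl_users SET remoteusername = ?, remoteservice = 'LDAP' "
            "WHERE uid = ?", (ldap_username, uid))
        if cur.rowcount != 1:
            raise LookupError(f"no gl_users row with uid {uid}")
        # Idempotent: insert the mapping only when it does not exist yet.
        db.execute("""
            INSERT INTO gl_group_assignments (ug_main_grp_id, ug_uid)
            SELECT grp_id, ? FROM gl_groups g WHERE grp_name = 'Remote Users'
              AND NOT EXISTS (SELECT 1 FROM gl_group_assignments a
                              WHERE a.ug_main_grp_id = g.grp_id AND a.ug_uid = ?)
        """, (uid, uid))

def audit(db):
    """Return (uids still local, LDAP uids missing the Remote Users mapping)."""
    local = [r[0] for r in db.execute(
        "SELECT uid FROM gl_users WHERE remoteservice IS NULL ORDER BY uid")]
    unmapped = [r[0] for r in db.execute("""
        SELECT u.uid FROM gl_users u
        WHERE u.remoteservice = 'LDAP' AND NOT EXISTS (
            SELECT 1 FROM gl_group_assignments a
            JOIN gl_groups g ON g.grp_id = a.ug_main_grp_id
            WHERE a.ug_uid = u.uid AND g.grp_name = 'Remote Users')
        ORDER BY u.uid""")]
    return local, unmapped
```

After a migration, `audit` should report only uid 1 as local and no unmapped LDAP accounts; anything else means an account was missed or lacks its group mapping.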