[geeklog-devel] 'Fallback to local login' and 'no service selector' options

Blank, Jessica Jessica.Blank at mtvnmix.com
Thu Mar 6 16:16:35 EST 2008

Definitely, we can talk after 1.5.0 is released. And thank you for incorporating the 'hide the service selector if there's only one selection' option. :)

As for fallbacks to local logins... Well, the reason I asked about that feature is because of a situation that has come up:

Right now, we have access via LDAP authentication to the entire LDAP server's worth of data. And we have at least one local account that's important-- namely, 'Admin'.

If I remove the service selector, there's no way for 'Admin' to log in.

If I DON'T remove the service selector, users get confused.

As an alternative to these, I suppose I could make one (or more) of the LDAP users members of the root group... I think?


-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net on behalf of Dirk Haun
Sent: Thu 3/6/2008 3:48 PM
To: geeklog-devel
Subject: Re: [geeklog-devel] 'Fallback to local login' and 'no service selector' options
Blank, Jessica wrote:

>But this would be a nice feature for enterprise users (such as MTV) with
>only one auth method and a plethora of users who don't know/don't care
>what auth method they use, they just are used to entering 'their
>username' and 'their password' and having it work (or not). :)

I see your point (I can actually think of quite a few people at work
who, when asked to "login in with your LDAP password" would respond with
a blank stare). However, does it really require that much effort to
modify the login form? I would assume you're going to modify the theme
anyway, so it would only require one more modifcation.

>When this option is selected, the
>login method selected would be tried first-- but if that failed, it
>would try a local login next. (If THAT fails, the login fails, obviously.)

Again, I can see the point but it's a very specialised option. Plus, the
thought of testing two accounts with one login attempt makes me nervous
from a security point of view. It should probably count the failed login
attempt nonetheless.

>Would these two patches be accepted should I submit them? These are
>options which I believe woul be useful to enterprise users.

At least not for 1.5.0. We need to get this thing finished and released.
I'll clean up what I started with your patch for disabling the standard
login (i.e. hide the dropdown if it's not needed) and I'll happily throw
in the LDAP module (especially since that doesn't require any code
changes) but we'll have to stop there for this release. We still have a
lot left to do.

Let's talk about it again once 1.5.0 is out, okay?

bye, Dirk


geeklog-devel mailing list
geeklog-devel at lists.geeklog.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080306/cc1d91eb/attachment.html>

More information about the geeklog-devel mailing list