
Ticket #634 (closed enhancement: wontfix)

Opened 13 years ago

Last modified 10 years ago

LdapIdentityProvider

Reported by: tim@…
Owned by: anonymous
Priority: normal
Milestone: 1.x
Component: Identity
Version:
Severity: normal
Keywords: LDAP Identity
Cc:

Description

Here's a rough LdapIdentityProvider patch. It allows people to authenticate their users against any LDAP directory assuming that the users are of the type inetorgperson and they have a uid attribute.

There's a lot that can still be done, but I wanted to throw this out now so people can get their hands dirty testing and improving.

I will also attach a small test application. Change the database url and the identity.ldapprovider options to match your environment to get it running.
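Added example, not code from the attached patch (which is not shown on this page): one way to build the uid lookup filter for inetOrgPerson entries with RFC 4515 escaping, and to refuse empty passwords and ambiguous matches before attempting a simple bind. The function names and the sample DN are hypothetical.

```python
# Added example; names are hypothetical and sample inputs are constructed.

# RFC 4515: these characters must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(user_name):
    """Return a filter matching one inetOrgPerson entry by its uid."""
    if not user_name:
        raise ValueError("empty user name")
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(user_name)


def dn_to_bind(matches, password):
    """Pick the DN to bind as, or None when the login must be refused.

    matches is the list of DNs the search returned for build_user_filter().
    """
    if not password:
        # A DN with an empty password is an "unauthenticated bind"
        # (RFC 4513, section 5.1.2); a server that accepts it would make
        # the login look successful without checking any credential.
        return None
    if len(matches) != 1:
        # No hit means unknown user; several hits mean uid is not unique.
        return None
    return matches[0]


if __name__ == "__main__":
    sample_dn = "uid=tim,ou=people,dc=example,dc=org"  # constructed
    print(build_user_filter("tim"))
    print(build_user_filter("t*"))          # wildcard is neutralised
    print(dn_to_bind([sample_dn], ""))      # refused
    print(dn_to_bind([sample_dn], "s3cret"))
```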

Attachments

ldapprovider.patch Download (8.5 KB) - added by tim@… 13 years ago.
LdapIdentityProvider.patch
ldapident.tar.gz Download (17.8 KB) - added by tim@… 13 years ago.
Small Test Application
ldapprovider+load_identity+closer_to_pep8.patch Download (9.3 KB) - added by cduffy@… 13 years ago.
Updated patch (still against 0.9a4)
ldapprovider+rev1142.patch Download (8.7 KB) - added by cduffy@… 13 years ago.
Patch updated against SVN rev 1142; also, much commented-out code removed.
ldapprovider+rev1142+no_excess_debugging.patch Download (8.5 KB) - added by cduffy@… 13 years ago.
Updated patch against svn rev 1142, this time w/o excess logging

Change History

Changed 13 years ago by tim@…

Changed 13 years ago by tim@…

Small Test Application

comment:1 Changed 13 years ago by cduffy@…

Good stuff; applies cleanly and functions with TurboGears 0.9a4 (though the test app needed some tweaking). Any timeline on pushing upstream (i.e. enhancements which are intended to be completed before this occurs)? I personally don't need any of the functionality on the planned-yet-unimplemented list, and would be glad just to see it upstream as it exists presently.

comment:2 Changed 13 years ago by cduffy@…

Strike that...

load_identity(self, visit_id) needs to be implemented before this is useful for multipage applications -- otherwise, the user needs to log back in on every page load, and that just doesn't seem like a Good Thing.

I'm trying to hash out an implementation myself. Will update here when I have something working.

comment:3 Changed 13 years ago by godoy

Please also see that after 0.9a4 -- 1108, IIRC -- there were changes in the Identity API. One of these is removing "visit.id" and using "visit.key" instead, since it allows for more security. Also note that it is in a PEP 8 compliant style. If you miss that, you might have more trouble making it work ;-)

The Identity Management "document" available at TG's wiki has all the changes needed and #747 has patches for PostgreSQL and MySQL to migrate the database from the old style API to the new one.

comment:4 Changed 13 years ago by godoy

Sorry, the ticket is #737.

Changed 13 years ago by cduffy@…

Updated patch (still against 0.9a4)

Changed 13 years ago by cduffy@…

Patch updated against SVN rev 1142; also, much commented-out code removed.

comment:5 Changed 13 years ago by cduffy@…

godoy, thanks for the heads-up. I believe the patch I just uploaded takes care of these issues. If you wouldn't mind looking at it, I'd appreciate a bit of peer review.

Changed 13 years ago by cduffy@…

Updated patch against svn rev 1142, this time w/o excess logging

comment:6 Changed 13 years ago by jorge.vargas

  • Milestone set to 1.1

comment:7 Changed 12 years ago by alberto

  • Milestone changed from 1.1 to __unclassified__

Batch moved into unclassified from 1.1 to properly track progress on the later

comment:8 Changed 10 years ago by jorge.vargas

  • Milestone changed from __unclassified__ to 1.x

comment:9 Changed 10 years ago by Chris Arndt

  • Status changed from new to closed
  • Resolution set to wontfix

There is a recipe at http://docs.turbogears.org/1.0/IdentityRecipes#authenticate-against-an-ldap-server that shows how to implement your own custom identity provider with LDAP support. I don't think TG should include more than the default identity providers in its core. Additional identity providers can be released as extension packages.

Closing ticket as "wontfix".
