Ticket #634 (new enhancement)

Opened 3 years ago

Last modified 1 year ago

LdapIdentityProvider

Reported by: tim@digital-achievement.com Assigned to: anonymous
Priority: normal Milestone: __unclassified__
Component: Identity Version:
Severity: normal Keywords: LDAP Identity
Cc:

Description

Here's a rough LdapIdentityProvider patch. It allows people to authenticate their users against any LDAP directory assuming that the users are of the type inetorgperson and they have a uid attribute.

There's a lot that can still be done, but I wanted to throw this out now so people can get their hands dirty testing and improving.

I will also attach a small test application. Change the database url and the identity.ldapprovider options to match your environment to get it running.

Attachments

ldapprovider.patch (8.5 kB) - added by tim@digital-achievement.com on 03/01/06 01:25:37.
LdapIdentityProvider.patch
ldapident.tar.gz (17.8 kB) - added by tim@digital-achievement.com on 03/01/06 01:26:18.
Small Test Application
ldapprovider+load_identity+closer_to_pep8.patch (9.3 kB) - added by cduffy@spamcop.net on 04/12/06 08:13:41.
Updated patch (still against 0.9a4)
ldapprovider+rev1142.patch (8.7 kB) - added by cduffy@spamcop.net on 04/13/06 12:36:15.
Patch updated against SVN rev 1142; also, much commented-out code removed.
ldapprovider+rev1142+no_excess_debugging.patch (8.5 kB) - added by cduffy@spamcop.net on 04/13/06 12:52:07.
Updated patch against svn rev 1142, this time w/o excess logging

Change History

03/01/06 01:25:37 changed by tim@digital-achievement.com

  • attachment ldapprovider.patch added.

03/01/06 01:26:18 changed by tim@digital-achievement.com

  • attachment ldapident.tar.gz added.

Small Test Application

04/07/06 17:14:44 changed by cduffy@spamcop.net

Good stuff; applies cleanly and functions with TurboGears 0.9a4 (though the test app needed some tweaking). Any timeline on pushing upstream (i.e. enhancements which are intended to be completed before this occurs)? I personally don't need any of the functionality on the planned-yet-unimplemented list, and would be glad just to see it upstream as it exists presently.

04/11/06 12:04:05 changed by cduffy@spamcop.net

Strike that...

load_identity(self, visit_id) needs to be implemented before this is useful for multipage applications -- otherwise, the user needs to log back in on every page load, and that just doesn't seem like a Good Thing.

I'm trying to hash out an implementation myself. Will update here when I have something working.

04/12/06 05:39:19 changed by godoy

Please also see that after 0.9a4 -- 1108, IIRC -- there were changes in the Identity API. One of these is removing "visit.id" and using "visit.key" instead, since it allows for more security. Also note that it is in a PEP 8 compliant style. If you miss that, you might have more trouble making it work ;-)

The Identity Management "document" available at TG's wiki has all the changes needed and #747 has patches for PostgreSQL and MySQL to migrate the database from the old style API to the new one.

04/12/06 05:40:37 changed by godoy

Sorry, the ticket is #737.

04/12/06 08:13:41 changed by cduffy@spamcop.net

  • attachment ldapprovider+load_identity+closer_to_pep8.patch added.

Updated patch (still against 0.9a4)

04/13/06 12:36:15 changed by cduffy@spamcop.net

  • attachment ldapprovider+rev1142.patch added.

Patch updated against SVN rev 1142; also, much commented-out code removed.

04/13/06 12:40:54 changed by cduffy@spamcop.net

godoy, thanks for the heads-up. I believe the patch I just uploaded takes care of these issues. If you wouldn't mind looking at it, I'd appreciate a bit of peer review.

04/13/06 12:52:07 changed by cduffy@spamcop.net

  • attachment ldapprovider+rev1142+no_excess_debugging.patch added.

Updated patch against svn rev 1142, this time w/o excess logging

09/22/06 17:21:41 changed by jorge.vargas

  • milestone set to 1.1.

03/28/07 12:42:11 changed by alberto

  • milestone changed from 1.1 to __unclassified__.

Batch moved into unclassified from 1.1 to properly track progress on the later