roller-user mailing list archives

From Dave <snoopd...@gmail.com>
Subject Re: LDAP auth and Roller accounts
Date Tue, 03 Feb 2009 13:34:17 GMT
On Tue, Feb 3, 2009 at 6:08 AM, David Koelmeyer
<d.koelmeyer@auckland.ac.nz> wrote:
> After a long time trying to get this to work, I've determined that I can use LDAP
> for authorization only if there is a preexisting account created with the Roller admin
> GUI. This is counter to what I was expecting I guess, in that I assumed an LDAP
> authorised user would be let in, dynamically creating a Roller account using info
> from the user's LDAP attributes in the process.
>
> So; if I use the Roller Admin interface to create a user "davekoelmeyer", and create
> the same account in LDAP (uid=davekoelmeyer,ou=People,dc=example,dc=com),
> then the LDAP credentials override whatever I had set when the account was
> created in Roller - works. Without an existing Roller account however, I can't log in
> at all.
>
> Would someone be able to confirm if this is by design or am I missing a step
> somewhere? :)

LDAP just stores the user credentials and attributes; you also need an
SSO system to maintain login state. It's been a while since I tried
this but, assuming you have an SSO system, this is how things should
work:

1 - User arrives at Roller and attempts to login or access a protected resource
2 - User directed to SSO system to login
3 - User returns to Roller, Roller recognizes that he is logged in already
4 - Roller asks user to register, pre-populates the form with LDAP
data and does not ask for password
5 - After user registers, things should work as expected

Hope that helps...

- Dave
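
The five steps above, modelled as an added example (not part of the original message and not Roller's own code). The names `handle`, `prefill`, `register`, the `/register` path and the form field names are hypothetical, the directory and user table are constructed sample data, and taking the login name from the SSO session rather than from the submitted form is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: stand-ins for the LDAP directory and Roller's user table.
LDAP = {"davekoelmeyer": {"cn": "Dave Koelmeyer", "mail": "dave@example.com"}}
ROLLER_USERS = {}

@dataclass
class Request:
    path: str
    sso_user: Optional[str] = None  # set by the SSO layer after login, never by the client
    form: Optional[dict] = None     # submitted registration form, if any

def prefill(sso_user):
    """Step 4: build the registration form from LDAP attributes, with no password field."""
    attrs = LDAP.get(sso_user, {})
    return {"userName": sso_user,
            "fullName": attrs.get("cn", ""),
            "email": attrs.get("mail", "")}

def register(sso_user, form):
    """Create the local account. The login name is bound to the SSO identity
    (assumption of this sketch); any userName or password in the form is ignored."""
    account = {"userName": sso_user,
               "fullName": form.get("fullName", ""),
               "email": form.get("email", "")}
    ROLLER_USERS[sso_user] = account
    return account

def handle(req):
    """Return (action, detail) for one request, following steps 1 to 5."""
    # Steps 1-2: no SSO session yet, so send the user to the SSO login.
    if req.sso_user is None:
        return ("redirect_to_sso", req.path)
    # Steps 3 and 5: logged in via SSO and a local account exists, so allow access.
    if req.sso_user in ROLLER_USERS:
        return ("allow", ROLLER_USERS[req.sso_user])
    # Step 4: logged in via SSO but no local account yet, so register first.
    if req.path == "/register" and req.form is not None:
        return ("registered", register(req.sso_user, req.form))
    return ("show_registration", prefill(req.sso_user))
```
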
