[Freedombox-discuss] LDAP

Jonas Smedegaard dr at jones.dk
Sat Dec 28 01:41:47 UTC 2013 

Quoting Nick Daly (2013-12-28 02:08:39)
> Bdale Garbee <bdale at gag.com> writes:
> 
>> Jonas Smedegaard <dr at jones.dk> writes:
>>
>>> Ok.  Makes good sense to mandate use of shared auth mechanism.  Not 
>>> convinced LDAP is the ideal for that, though.
>>
>> ...Clearly not critical path, but this is another possible task for 
>> someone out there reading who would like a modest project that could 
>> help us out in the long term.
>>
>> What I think we can effectively use LDAP for is to manage the 
>> information associated with identities.  Users, what access rights 
>> they should have, etc, in an application-neutral way that we can 
>> potentially wrap some plinth UI goodness around eventually.
>
> It should also be possible to use these sorts of ACLs to create 
> application-specific data-stores (among other things, to keep 
> applications from snooping on one another's data).  Keeping data 
> separated is a related, but different, issue from the problem of 
> separating processes ("the LXC/VM issue").

Which applications do you have in mind which stores their data in LDAP?  
Or do you envision (even more!) applications written from scratch 
specific for FreedomBox?


> So, does anybody know any good LDAP-enabled services we can use?  I 
> tried to move a wiki service into Plinth (ikiwiki, via [0]), but 
> immediately ran into the problem that ikiwiki knows nothing about 
> authentication mechanisms other than its own.  I'm checking on the 
> ikiwiki IRC channel and their forums, but very few wiki services 
> (other than MediaWiki, which feels like overkill) are aware of LDAP.

Not sure what you mean by "knows nothing [...] other than its own."

Here's a list of auth plugins: https://ikiwiki.info/plugins/type/auth/

I have not played with it myself, but believe you should be able to use 
either httpauth plugin + libapache module or unixauth + PAM module.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20131228/32553503/attachment.sig>

More information about the Freedombox-discuss mailing list