[Freedombox-discuss] LDAP
Jonas Smedegaard
dr at jones.dk
Sat Dec 28 01:41:47 UTC 2013
Quoting Nick Daly (2013-12-28 02:08:39)
> Bdale Garbee <bdale at gag.com> writes:
>
>> Jonas Smedegaard <dr at jones.dk> writes:
>>
>>> Ok. Makes good sense to mandate use of shared auth mechanism. Not
>>> convinced LDAP is the ideal for that, though.
>>
>> ...Clearly not critical path, but this is another possible task for
>> someone out there reading who would like a modest project that could
>> help us out in the long term.
>>
>> What I think we can effectively use LDAP for is to manage the
>> information associated with identities. Users, what access rights
>> they should have, etc, in an application-neutral way that we can
>> potentially wrap some plinth UI goodness around eventually.
>
> It should also be possible to use these sorts of ACLs to create
> application-specific data-stores (among other things, to keep
> applications from snooping on one another's data). Keeping data
> separated is a related, but different, issue from the problem of
> separating processes ("the LXC/VM issue").
Which applications do you have in mind which stores their data in LDAP?
Or do you envision (even more!) applications written from scratch
specific for FreedomBox?
> So, does anybody know any good LDAP-enabled services we can use? I
> tried to move a wiki service into Plinth (ikiwiki, via [0]), but
> immediately ran into the problem that ikiwiki knows nothing about
> authentication mechanisms other than its own. I'm checking on the
> ikiwiki IRC channel and their forums, but very few wiki services
> (other than MediaWiki, which feels like overkill) are aware of LDAP.
Not sure what you mean by "knows nothing [...] other than its own."
Here's a list of auth plugins: https://ikiwiki.info/plugins/type/auth/
I have not played with it myself, but believe you should be able to use
either httpauth plugin + libapache module or unixauth + PAM module.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20131228/32553503/attachment.sig>
More information about the Freedombox-discuss
mailing list