[OPEN-ILS-DEV] SPAM Re: LDAP Authentication Ideas

Fri Dec 4 15:20:17 EST 2009

Multiple LDAP targets that depend on OU information will block the
development of a feature to, say, add a new EG user on the fly when
otherwise valid LDAP credentials are supplied.  Either that or the UI will
have to prompt the user to self-identify their OU.

--joe

On Fri, Dec 4, 2009 at 2:38 PM, Duimovich, George <
George.Duimovich at nrcan-rncan.gc.ca> wrote:

>
> Dan/Mike,
>
> We'd have the same requirements here at NRCan Library, since we could
> forsee being in a consortial environment somewhere down the road. And as
> noted in an earlier thread http://markmail.org/message/kkqmk6n4to7xj6ay we
> have users with and without LDAP access (but I think that seems covered in
> the 'napkin' sketch)..
>
> George Duimovich
> NRCan Library / Bibliothèque de RNCan
>
>
> -----Original Message-----
> From: open-ils-dev-bounces at list.georgialibraries.org [mailto:
> open-ils-dev-bounces at list.georgialibraries.org] On Behalf Of Dan Scott
> Sent: December 4, 2009 14:01
> To: Evergreen Development Discussion List
> Subject: Re: [OPEN-ILS-DEV] ***SPAM*** Re: LDAP Authentication Ideas
>
> On Fri, 2009-12-04 at 11:56 -0500, Mike Rylander wrote:
> <snip>
> > A dojo module with the name matching the application would be supplied
> > along with the backend service and would define the semantics of the
> > call to open-ils.auth.authenticate.complete that it implements.  So,
> > the openils dojo module would look at the protocol order, and for each
> > not spelled "native" it would require that module.  For example:
> > dojo.require('joes.random.ldap.authz.opensrf.application'); ... it
> > would then loop over each, in the order specified, attempting to log
> > the user in using the service-specific dojo plugin, which would supply
> > the correct params to its matching implementation of
> > open-ils.auth.authenticate.complete.
> >
> > Thoughts?
>
> One more wish that I don't think is covered by your napkin - and possibly
> reflecting only Conifer's needs, although as more heterogeneous consortia
> enter the scene it will likely be desired by more than just Conifer - it
> would be nice to be able to associate a particular configuration of a given
> auth method, or set of auth methods, with a particular org_unit.
>
> Concrete example: Laurentian University and the University of Windsor would
> both love to use LDAP authentication. But Laurentian needs to point at their
> own LDAP server, and Windsor needs to point at their own LDAP server.
>
> Maybe open-ils.auth/app_settings grows a <default> element, with optional
> elements for org_unit shortnames that provide the auth method & associated
> configuration for users based on their home_ou?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://libmail.georgialibraries.org/pipermail/open-ils-dev/attachments/20091204/29d95215/attachment.htm 