[Cubicweb] LDAP schema expected by Cubicweb

Alexandre Fayolle alexandre.fayolle at logilab.fr
Tue Feb 9 10:01:13 CET 2010


On Monday 08 February 2010 19:10:33 Sylvain Thénault wrote:
> On 08 February 18:56, Alexandre Fayolle wrote:
> > When using an LDAP source for authentication, what is the expected
> > underlying LDAP schema ?
> >
> > Is it inetOrgPerson [1], RFC 2256 [2] or something else?
> >
> > [1] http://www.faqs.org/rfcs/rfc2798.html
> > [2] http://www.faqs.org/rfcs/rfc2256.html
> 
> default configuration should be updated, since it's currently based on our
> (somewhat fishy) configuration. From the config found in source:
> 
> user-base-dn: 'ou=People,dc=logilab,dc=fr',
> user-classes: ('top', 'posixAccount')
> user-login-attr: 'uid'
> user-attrs-map: {'uid': 'login', 'gecos': 'email'}
> 
> So:
> * user should have the top and posixAccount schemas
> * user login is the 'uid' ldap attribute, and its email the gecos
>  attribute (!).
> 
> Please, propose an alternative default config :)

I think we could consider using the COSINE schema 
(http://www.faqs.org/rfcs/rfc4524.html), which defines an explicit 'mail' 
attribute (with appropriate comparison rules) (and keep gecos for backward 
compatibility). 

Maybe this would imply updating Logilab's LDAP.

-- 
Alexandre Fayolle                              LOGILAB, Paris (France)
Python, CubicWeb, Debian training:       http://www.logilab.fr/formations
Custom software development:             http://www.logilab.fr/services
Scientific computing:                    http://www.logilab.fr/science
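
Added example (not part of the original message, and not CubicWeb's own code): a sketch of how the settings quoted above translate into an LDAP search filter and an attribute mapping, with 'mail' preferred and 'gecos' kept as a fallback as proposed in the reply. The helper names, the 'mail' entry in the map, the '@' check on gecos values and the sample entries are assumptions.

```python
# Added illustration; not CubicWeb source code. Config keys mirror the thread.
CONFIG = {
    "user-base-dn": "ou=People,dc=logilab,dc=fr",
    "user-classes": ("top", "posixAccount"),
    "user-login-attr": "uid",
    # Proposed map: 'mail' (RFC 4524) first, 'gecos' kept for old directories.
    "user-attrs-map": {"uid": "login", "mail": "email", "gecos": "email"},
}

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(config, login):
    """Build the search filter that selects one user entry by login."""
    classes = "".join("(objectClass=%s)" % c for c in config["user-classes"])
    return "(&%s(%s=%s))" % (classes, config["user-login-attr"],
                             escape_filter_value(login))


def map_entry(config, entry):
    """Map an LDAP entry (attr -> list of values) to application attributes.

    The first mapped LDAP attribute with a value wins, so 'mail' takes
    precedence over 'gecos' because it is listed first in the map. A gecos
    value is accepted as an email only if it contains '@' (assumption).
    """
    result = {}
    for ldap_attr, app_attr in config["user-attrs-map"].items():
        values = entry.get(ldap_attr) or []
        if app_attr in result or not values:
            continue
        if ldap_attr == "gecos" and "@" not in values[0]:
            continue
        result[app_attr] = values[0]
    return result


# Constructed sample entries.
NEW_STYLE = {"uid": ["afayolle"], "mail": ["afayolle@example.org"],
             "gecos": ["Alexandre Fayolle"]}
OLD_STYLE = {"uid": ["syt"], "gecos": ["syt@example.org"]}
```

Escaping the login before it enters the filter matters because the value comes straight from the login form; without it, filter metacharacters in a login would change which entries the search matches.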