[Cubicweb] LDAP schema expected by Cubicweb

Alexandre Fayolle alexandre.fayolle at logilab.fr
Tue Feb 9 10:31:58 CET 2010


On Tuesday 09 February 2010 10:01:13 Alexandre Fayolle wrote:
> On Monday 08 February 2010 19:10:33 Sylvain Thénault wrote:
> > On 08 February 18:56, Alexandre Fayolle wrote:
> > > When using an LDAP source for authentication, what is the expected
> > > underlying LDAP schema ?
> > >
> > > Is it inetOrgPerson [1], RFC 2256 [2] or something else?
> > >
> > > [1] http://www.faqs.org/rfcs/rfc2798.html
> > > [2] http://www.faqs.org/rfcs/rfc2256.html
> >
> > Default configuration should be updated, since it's currently based on
> > our (somewhat fishy) configuration. From the config found in source:
> >
> > user-base-dn: 'ou=People,dc=logilab,dc=fr',
> > user-classes: ('top', 'posixAccount')
> > user-login-attr: 'uid'
> > user-attrs-map: {'uid': 'login', 'gecos': 'email'}
> >
> > So:
> > * user should have the top and posixAccount schemas
> > * user login is the 'uid' LDAP attribute, and its email the gecos
> >  attribute (!).
> >
> > Please, propose an alternative default config :)
> 
> I think we could consider using the COSINE schema
> (http://www.faqs.org/rfcs/rfc4524.html), which defines an explicit 'mail'
> attribute (with appropriate comparison rules) (and keep gecos for backward
> compatibility).

Actually, after digging a bit, it appears that posixAccount is defined in
nis.schema, which depends on cosine.schema. It should be easy to extend that
class to include the mail attribute defined in cosine.

Opinion?

-- 
Alexandre Fayolle                              LOGILAB, Paris (France)
Python, CubicWeb, Debian training:     http://www.logilab.fr/formations
Custom software development:           http://www.logilab.fr/services
Scientific computing:                  http://www.logilab.fr/science
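
Added example, not part of the original message and not CubicWeb source code: a sketch of how the quoted settings could drive a user lookup, with the login escaped per RFC 4515 and 'mail' preferred over 'gecos' for the email. The function names, the ordered-pair form of user-attrs-map and the sample entries are assumptions made for illustration.

```python
# Added illustration; not CubicWeb code. Values mirror the config quoted in
# the thread, plus the 'mail' mapping proposed in the reply.
CONFIG = {
    "user-base-dn": "ou=People,dc=logilab,dc=fr",
    "user-classes": ("top", "posixAccount"),
    "user-login-attr": "uid",
    # Assumption: ordered pairs instead of a dict, so that 'mail' (COSINE)
    # wins and 'gecos' is only a backward-compatible fallback.
    "user-attrs-map": [("uid", "login"), ("mail", "email"), ("gecos", "email")],
}

# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value so it cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(config, login):
    """Build the search filter: all user-classes AND login-attr == login."""
    classes = "".join("(objectClass=%s)" % c for c in config["user-classes"])
    return "(&%s(%s=%s))" % (
        classes, config["user-login-attr"], escape_filter_value(login))


def map_entry(config, entry):
    """Map an LDAP entry (attr -> list of values) to user attributes.

    The first mapping that yields a value wins for each target attribute.
    """
    user = {}
    for ldap_attr, target in config["user-attrs-map"]:
        values = entry.get(ldap_attr)
        if values and target not in user:
            user[target] = values[0]
    return user


# Constructed sample entries (not real directory data).
NEW_ENTRY = {"uid": ["jdoe"], "mail": ["jdoe@example.org"],
             "gecos": ["John Doe"]}
LEGACY_ENTRY = {"uid": ["asmith"], "gecos": ["asmith@example.org"]}
```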


