[Cubicweb] Re: LDAP schema expected by Cubicweb

Julien Jehannet julien.jehannet at logilab.fr
Mon Feb 15 15:56:20 CET 2010


Cubicweb developpers,

Please don't forget to update documentation about LDAP integration
afterwards.

Current is... nothing (http://www.cubicweb.org/doc/en/admin/ldap.html)


> * Alexandre Fayolle <alexandre.fayolle at logilab.fr> [09-fév-2010 10:32]:
> On Tuesday 09 February 2010 10:01:13 Alexandre Fayolle wrote:
> > On Monday 08 February 2010 19:10:33 Sylvain Thénault wrote:
> > > On 08 février 18:56, Alexandre Fayolle wrote:
> > > > When using an LDAP source for authentication, what is the expected
> > > > underlying LDAP schema ?
> > > >
> > > > Is it inetOrgPerson [1], RFC 2256 [2] or something else?
> > > >
> > > > [1] http://www.faqs.org/rfcs/rfc2798.html
> > > > [2] http://www.faqs.org/rfcs/rfc2256.html
> > >
> > > default configuration should be updated, since it's currently based on
> > > our (somewhat fishy configuration). From the config found in source:
> > >
> > > user-base-dn: 'ou=People,dc=logilab,dc=fr',
> > > user-classes: ('top', 'posixAccount')
> > > user-login-attr: 'uid'
> > > user-attrs-map: {'uid': 'login', 'gecos': 'email'}
> > >
> > > So:
> > > * user should have the top and posixAccount schemas
> > > * user login is the 'uid' ldap attributes, and its email the gecos
> > >  attribute (!).
> > >
> > > Please, propose an altenative default configu :)
> > 
> > I think we could consider using the COSINE schema
> > (http://www.faqs.org/rfcs/rfc4524.html), which defines an explicit 'mail'
> > attribute (with appropriate comparison rules) (and keep gecos for backward
> > compatibility).
> 
> actually after digging a bit, it appears that posixAccount is defined in 
> nis.schema which depends on cosine.schema. It should be easy to extend that 
> class to include the mail attribute defined in cosine. 

-- 
Julien JEHANNET                                          LOGILAB, Paris (France)
http://www.cubicweb.org                 CubicWeb, le cadriciel du web sémantique
http://www.logilab.org             Dépôt des logiciels libres conçus par Logilab
http://www.logilab.fr       Informatique scientifique & Gestion de connaissances
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20100215/75cf2a7e/attachment-0212.sig>


More information about the Cubicweb mailing list