[Cubicweb] LDAP schema expected by Cubicweb
Alexandre Fayolle
alexandre.fayolle at logilab.fr
Tue Feb 9 10:01:13 CET 2010
On Monday 08 February 2010 19:10:33 Sylvain Thénault wrote:
> On 08 February 18:56, Alexandre Fayolle wrote:
> > When using an LDAP source for authentication, what is the expected
> > underlying LDAP schema ?
> >
> > Is it inetOrgPerson [1], RFC 2256 [2] or something else?
> >
> > [1] http://www.faqs.org/rfcs/rfc2798.html
> > [2] http://www.faqs.org/rfcs/rfc2256.html
>
> default configuration should be updated, since it's currently based on our
> (somewhat fishy) configuration. From the config found in source:
>
> user-base-dn: 'ou=People,dc=logilab,dc=fr',
> user-classes: ('top', 'posixAccount')
> user-login-attr: 'uid'
> user-attrs-map: {'uid': 'login', 'gecos': 'email'}
>
> So:
> * user should have the top and posixAccount schemas
> * user login is the 'uid' LDAP attribute, and its email the gecos
> attribute (!).
>
> Please, propose an alternative default configuration :)
I think we could consider using the COSINE schema
(http://www.faqs.org/rfcs/rfc4524.html), which defines an explicit 'mail'
attribute (with appropriate comparison rules) (and keep gecos for backward
compatibility).
Maybe this would imply updating Logilab's LDAP.
--
Alexandre Fayolle LOGILAB, Paris (France)
Python, CubicWeb, Debian training: http://www.logilab.fr/formations
Custom software development: http://www.logilab.fr/services
Scientific computing: http://www.logilab.fr/science
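
An added example, not part of the original message and not CubicWeb code: a sketch of the mapping proposed above ('mail' first, 'gecos' kept as a fallback). It assumes entries arrive as dicts of string lists and that the first attribute yielding a value wins; `map_ldap_user` and the sample entries are hypothetical.

```python
# Added illustration; not CubicWeb code. All names below are hypothetical.
import re

USER_CLASSES = ("top", "posixAccount")  # user-classes quoted in the thread
# Proposed mapping: 'mail' first, 'gecos' kept for backward compatibility.
# Assumption: the first LDAP attribute that yields a value wins.
USER_ATTRS_MAP = (("uid", "login"), ("mail", "email"), ("gecos", "email"))

EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")


def map_ldap_user(entry, classes=USER_CLASSES, attrs_map=USER_ATTRS_MAP):
    """Return {'login': ..., 'email': ...}, or None if entry is not a user."""
    # LDAP attribute names and objectClass values are case-insensitive.
    entry = {name.lower(): values for name, values in entry.items()}
    present = {c.lower() for c in entry.get("objectclass", [])}
    if not {c.lower() for c in classes} <= present:
        return None
    user = {}
    for ldap_attr, field in attrs_map:
        if field in user:
            continue  # an earlier attribute already supplied this field
        for value in entry.get(ldap_attr.lower(), []):
            value = value.strip()
            # gecos is free text (often "Full Name,room,phone"): accept it
            # as an email only when it actually looks like one.
            if field == "email" and not EMAIL_RE.match(value):
                continue
            if value:
                user[field] = value
                break
    return user if "login" in user else None


# Constructed sample entries (not real directory data).
NEW_STYLE = {"objectClass": ["top", "posixAccount", "inetOrgPerson"],
             "uid": ["jdoe"], "mail": ["jdoe@example.org"],
             "gecos": ["John Doe,,,"]}
LEGACY = {"objectClass": ["top", "posixAccount"],
          "uid": ["asmith"], "gecos": ["asmith@example.org"]}
NO_EMAIL = {"objectClass": ["top", "posixAccount"],
            "uid": ["bob"], "gecos": ["Bob Builder,room 3"]}
NOT_A_USER = {"objectClass": ["top", "organizationalUnit"], "ou": ["People"]}
```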