[Cubicweb] Apache + CubicWeb + LDAP

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Fri Jan 24 15:36:48 CET 2014


Dear list,

We would like to share the same login/password pair between SFTP and 
CubicWeb.

Additionally, we would like CubicWeb authentication to be handled by an 
Apache front-end.

An LDAP directory used by both SFTP and Apache+CubicWeb looks like the 
obvious solution. Should I be looking elsewhere or is this the unique 
and true way to achieve our goal?



I also have a few questions about integrating CubicWeb with Apache and LDAP:

I've read "LDAP integration" and I understand we must use the new 
_ldapfeed_ source:
	http://docs.cubicweb.org/admin/ldap.html

I think it would be easier to define groups in LDAP rather than in 
CubicWeb, because it would allow to share groups between SFTP and 
CubicWeb, and for the sake of consistency. I've found an open ticket "Ad 
support for CWGroup definitions in ldapfeed":
	http://www.cubicweb.org/ticket/2528116
Any clue which version of CubicWeb this patch could be included in?

I expect the accounts in LDAP to follow the standard LDAP schema for 
Linux accounts. I can't decide from the documentation whether CubicWeb 
will be able to understand this schema or not. I think "Configurations 
options of an LDAPfeed source" describes how to set ldapfeed parameters 
to achieve whatever mapping we need. Am I correct?

Finally I plan as usual to use cubicweb-trustedauth, to get CubicWeb to 
trust the Apache front-end for authentication.

Regards,
-- 
Dimitri Papadopoulos
CEA/Saclay
I2BM, NeuroSpin



More information about the Cubicweb mailing list