[Cubicweb] Apache + CubicWeb + LDAP

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Sun Jan 26 16:10:44 CET 2014


Hi,

Thank you for clarifying ldapfeed.

Le 24/01/2014 15:56, Aurélien Campéas a écrit :
>> [...]
>> An LDAP directory used by both SFTP and Apache+CubicWeb looks like the
>> obvious solution. Should I be looking elsewhere or is this the unique
>> and true way to achieve our goal?
>>
>
> It's a standard way, but probably not the only possible one.
> [...]

Which other ways could you suggest?

Most solutions I can think of seem to require new code:
* Get SFTP to use CubicWeb passwords by writing a PAM module.
* Get CubicWeb to use getpwnam() by writing a new CubicWeb source.

>[...]
> The ldapfeed source performs itself the authentication against the LDAP
> server, hence I'm not sure I understand the purpose of trustedauth here.
> [...]

Indeed both Apache and CubicWeb can authenticate against LDAP. However 
an Apache front-end provides standardized logs among other services 
(including authentication).

By the way, the documentation states that auth-mode supports:
* simple,
* cram_md5,
* digest_md5,
* gssapi.
I'm not very familiar with the details of authentication. Does this mean 
that the recommended {SSHA} password scheme is not supported?

It looks like Apache doesn't support {SSHA} either - or at least 
requires additional modules for that:
	https://github.com/DrGkill/htpasswd-ssha

Any clue on what password LDAP storage scheme fits best SFTP + CubicWeb 
+ Apache?

Regards,
-- 
Dimitri Papadopoulos
CEA/Saclay
I2BM, NeuroSpin




More information about the Cubicweb mailing list