[Cubicweb] Apache + CubicWeb + LDAP
Dimitri Papadopoulos Orfanos
dimitri.papadopoulos at cea.fr
Fri Jan 24 15:36:48 CET 2014
Dear list,
We would like to share the same login/password pair between SFTP and
CubicWeb.
Additionally, we would like CubicWeb authentication to be handled by an
Apache front-end.
An LDAP directory used by both SFTP and Apache+CubicWeb looks like the
obvious solution. Should I be looking elsewhere or is this the unique
and true way to achieve our goal?
I also have a few questions about integrating CubicWeb with Apache and LDAP:
I've read "LDAP integration" and I understand we must use the new
_ldapfeed_ source:
http://docs.cubicweb.org/admin/ldap.html
I think it would be easier to define groups in LDAP rather than in
CubicWeb, because it would allow to share groups between SFTP and
CubicWeb, and for the sake of consistency. I've found an open ticket "Ad
support for CWGroup definitions in ldapfeed":
http://www.cubicweb.org/ticket/2528116
Any clue which version of CubicWeb this patch could be included in?
I expect the accounts in LDAP to follow the standard LDAP schema for
Linux accounts. I can't decide from the documentation whether CubicWeb
will be able to understand this schema or not. I think "Configurations
options of an LDAPfeed source" describes how to set ldapfeed parameters
to achieve whatever mapping we need. Am I correct?
Finally I plan as usual to use cubicweb-trustedauth, to get CubicWeb to
trust the Apache front-end for authentication.
Regards,
--
Dimitri Papadopoulos
CEA/Saclay
I2BM, NeuroSpin
More information about the Cubicweb
mailing list