[Cubicweb] Apache + CubicWeb + LDAP

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Sun Jan 26 16:10:44 CET 2014


Thank you for clarifying ldapfeed.

On 24/01/2014 15:56, Aurélien Campéas wrote:
>> [...]
>> An LDAP directory used by both SFTP and Apache+CubicWeb looks like the
>> obvious solution. Should I be looking elsewhere or is this the unique
>> and true way to achieve our goal?
> It's a standard way, but probably not the only possible one.
> [...]

Which other ways could you suggest?

Most solutions I can think of seem to require new code:
* Get SFTP to use CubicWeb passwords by writing a PAM module.
* Get CubicWeb to use getpwnam() by writing a new CubicWeb source.

> The ldapfeed source performs itself the authentication against the LDAP
> server, hence I'm not sure I understand the purpose of trustedauth here.
> [...]

Indeed, both Apache and CubicWeb can authenticate against LDAP. However,
an Apache front-end provides standardized logs among other services
(including authentication).

By the way, the documentation states that auth-mode supports:
* simple,
* cram_md5,
* digest_md5,
* gssapi.
I'm not very familiar with the details of authentication. Does this mean 
that the recommended {SSHA} password scheme is not supported?

It looks like Apache doesn't support {SSHA} either - or at least 
requires additional modules for that:

Any clue as to which LDAP password storage scheme best fits SFTP +
CubicWeb + Apache?

Dimitri Papadopoulos
I2BM, NeuroSpin
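
Added example, not part of the original message and not CubicWeb or Apache code: how an {SSHA} userPassword value is built and checked. With a simple bind the client sends the password itself and the directory server performs a comparison like this one against the stored value. The function names are illustrative and the password is a constructed sample.

```python
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value."""
    if stored[:len(PREFIX)].upper() != PREFIX:
        return False  # another scheme ({SHA}, {CRYPT}, cleartext, ...)
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        return False  # payload is not valid base64
    if len(raw) <= SHA1_LEN:
        return False  # digest without salt: not a salted value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    entry = ssha_hash("correct horse")  # constructed sample password
    print(entry)
    print(ssha_verify("correct horse", entry), ssha_verify("wrong", entry))
```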
