User Tools

Site Tools


bigace:extensions:auth:ldap

LDAP Authenticator

The LDAP Authenticator is a pluggable authentication system, that gives you the opportunity to authenticate BIGACE at your LDAP. It is not meant for being a “Single sign on” (SSO) solution, but for administrator to have only one place to store user information. You company employees are now able to login at BIGACE with their company wide username and password.

This Authenticator was developed during my university course “Cross platform authentication systems”. Thanks to Volker Lingens who gave me the chance to develop it as semester project.

Get all downloads from:

LDAP detail page

Features

  • Authenticate against LDAP
  • Configuration via config file and Database configs
  • Separate configs to use different LDAP trees for each community
  • Default group for every user
  • Group mapping between LDAP and BIGACE, for ACL support
  • Group memberships will be verified at every login
  • Authenticate against local user base if LDAP fails (not recommended for prod systems)

Configuration

The following configurations are available in the package “ldap”:

Config name Default value Description
objectclass person The schema class to be used for querying user information
account_suffix Suffix to append to the username search string
account_prefix cn= Prefix to prepend to the username search string. Attribute that uniquely identifies the person. The “person” schema for example uses cn=
base_dn The base tree of your LDAP queries
domain_controllers localhost Array of possible host controller. Leave as is if you are unsure.
username Administrator username, used for initiating connection
password Administrator password
use_ssl true
bigace/extensions/auth/ldap.txt · Last modified: 2011/06/11 02:05 by kevin