[OpenID] LDAP-to-OpenID gateway?
openid at ussjoin.com
Mon Feb 26 21:26:42 UTC 2007
My understanding is that that functionality will be included as part of
the Apache-CardSpace integration; CardSpace would be handled by Apache
itself, which would then pass the credentials to the OP.

Someone working on that, care to comment?

Troy Benjegerdes wrote:
> What I would really like is a drop-in php/perl/whatever set of scripts
> to make an OpenID server that uses Apache authorization to verify the
> identity of the user.
>
> This would allow a completely transparent single-sign-on system for
> those of us using Kerberos and mod_auth_kerb on apache, and it could
> also be used to backend to an LDAP database with the apache LDAP auth.
>
> (For example, my desktop linux box uses kerberos to authenticate me to
> log in.. I then have kerberos tickets. If I go to my local openid server
> website, firefox knows how to delegate the kerberos credentials to the
> apache on the openid server.. what is missing is the little bit of glue
> to make a simple openid server using apache auth.)
>
> On Mon, Feb 26, 2007 at 10:32:06AM -0500, Brendan O'Connor wrote:
>> What we did (here at Johns Hopkins) is make the account creation step
>> verify against our LDAP directory the existence of an account before
>> allowing the creation to go through; that's about a six-line addition to
>> the PIP code in heraldry, but the code we did wasn't added to heraldry.
>> This met our needs, but you might want to do the (also very small)
>> checks for existence on login, too, if your users have a time when
>> they'd become deactivated, or additional changes depending on need. The
>> Ruby LDAP stuff is pretty easy to use, but if you'd like our code
>> (written by the Systems head of the local ACM chapter), let me know and
>> I'll send it offlist.
>>
>> ---Brendan O'Connor
>>
>> John Fink wrote:
>>> Hey folks,
>>>
>>> Just had my "Aha!" moment with OpenID yesterday night, and since then my
>>> mind has been racing. Is there anything like a LDAP-to-OpenID gateway?
>>> That is, something locally runnable that hooks into an LDAP server and
>>> generates accounts (and perhaps OpenID URIs too!) based on information
>>> from LDAP? I've searched this list, and it seems like someone at Johns
>>> Hopkins has done this, but I'm not sure how or if those instructions
>>> were rolled into Heraldry or what.
>>> http://libgrunt.blogspot.com -- library culture and technology.
>>> general mailing list
>>> general at openid.net
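
The check described in the quoted Johns Hopkins reply (confirm the directory account exists before creating an OpenID account, and again at login so deactivations take effect), sketched as an added Ruby example. This is not the Johns Hopkins or Heraldry code; the `uid`/`person` schema, the function names and the in-memory `SampleDirectory` are assumptions made for illustration.

```ruby
# Added example: directory-gated account creation and login for an OpenID provider.
# Assumptions: accounts are looked up by a `uid` attribute on `person` entries;
# `directory` is any object whose #search(filter) returns the matching entries.

# Characters with special meaning inside an LDAP filter value (RFC 4515).
FILTER_ESCAPES = {
  "\\" => '\5c', "*" => '\2a', "(" => '\28', ")" => '\29', "\x00" => '\00'
}.freeze

# Escape a user-supplied value so it can only ever match literally.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/, FILTER_ESCAPES)
end

def account_filter(username)
  "(&(objectClass=person)(uid=#{escape_filter_value(username)}))"
end

# True only when exactly one directory entry matches the name.
def directory_account?(directory, username)
  return false unless username.is_a?(String) && !username.empty?
  directory.search(account_filter(username)).length == 1
end

# Account creation: refuse unless the directory already knows the user.
def create_account(directory, accounts, username)
  raise ArgumentError, "no directory entry for #{username.inspect}" unless directory_account?(directory, username)
  accounts[username] = { created_at: Time.now }
end

# Login: repeat the lookup so a deactivated directory entry ends access.
def login_allowed?(directory, accounts, username)
  accounts.key?(username) && directory_account?(directory, username)
end

# Constructed in-memory stand-in for an LDAP server (sample data only).
class SampleDirectory
  def initialize(uids)
    @uids = uids
  end

  def remove(uid)
    @uids.delete(uid)
  end

  def search(filter)
    value = filter[/\(uid=([^)]*)\)/, 1]
    return @uids.dup if value == "*" # an unescaped wildcard matches everything
    @uids.select { |uid| escape_filter_value(uid) == value }
  end
end
```

Against a real server, `directory` would wrap whatever LDAP client library is in use; only the filter string and the exactly-one-match rule carry over.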