[OpenID] LDAP-to-OpenID gateway?

Brendan O'Connor openid at ussjoin.com
Mon Feb 26 21:26:42 UTC 2007


My understanding is that that functionality will be included as part of 
the Apache-CardSpace integration; CardSpace would be handled by Apache 
itself, which would then pass the credentials to the OP.

Someone working on that, care to comment?

---Brendan O'Connor

Troy Benjegerdes wrote:
> What I would really like is a drop-in PHP/Perl/whatever set of scripts
> to make an OpenID server that uses Apache authorization to verify the
> identity of the user.
> 
> This would allow a completely transparent single-sign-on system for
> those of us using Kerberos and mod_auth_kerb on Apache, and it could
> also be used to backend to an LDAP database with the Apache LDAP auth
> modules.
> 
> (For example, my desktop Linux box uses Kerberos to authenticate me to
> log in. I then have Kerberos tickets. If I go to my local OpenID server
> website, Firefox knows how to delegate the Kerberos credentials to the
> Apache on the OpenID server. What is missing is the little bit of glue
> to make a simple OpenID server using Apache auth.)
> 
> On Mon, Feb 26, 2007 at 10:32:06AM -0500, Brendan O'Connor wrote:
>> What we did (here at Johns Hopkins) is make the account creation step 
>> verify against our LDAP directory the existence of an account before 
>> allowing the creation to go through; that's about a six-line addition to 
>> the PIP code in heraldry, but the code we did wasn't added to heraldry.
>>
>> This met our needs, but you might want to do the (also very small) 
>> checks for existence on login, too, if your users have a time when 
>> they'd become deactivated, or additional changes depending on need. The 
>> Ruby LDAP stuff is pretty easy to use, but if you'd like our code 
>> (written by the Systems head of the local ACM chapter), let me know and 
>> I'll send it offlist.
>>
>> ---Brendan O'Connor
>>
>> John Fink wrote:
>>> Hey folks,
>>>
>>> Just had my "Aha!" moment with OpenID yesterday night, and since then my 
>>> mind has been racing.  Is there anything like an LDAP-to-OpenID gateway?  
>>> That is, something locally runnable that hooks into an LDAP server and 
>>> generates accounts (and perhaps OpenID URIs too!) based on information 
>>> from LDAP?  I've searched this list, and it seems like someone at Johns 
>>> Hopkins has done this, but I'm not sure how or if those instructions 
>>> were rolled into Heraldry or what.
>>>
>>> jf
>>>
>>> -- 
>>> http://libgrunt.blogspot.com -- library culture and technology.
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
> 


