[OpenID] LDAP-to-OpenID gateway?

Martin Atkins mart at degeneration.co.uk
Fri Mar 16 08:19:05 UTC 2007


Troy Benjegerdes wrote:
> On Fri, Mar 16, 2007 at 06:18:22AM +0200, Dmitry Shechtman wrote:
>> http://www.butterfat.net/wiki/Projects/ModAuthOpenID
>>
> 
> That's pretty nice, but I want an openid *provider*, not a consumer. I
> want to be able to use my already deployed kerberos & ldap servers to
> authenticate me, and then run an openid provider so I can log into all
> the openid-enabled web sites with it.
> 

What you need, I think, is a very simple provider that looks at 
REMOTE_USER to get the username that Apache successfully authenticated 
and then looks at the OpenID URL to see if it's consistent with that.

I'm not aware of anything that already does this out of the box, but it 
probably wouldn't be that hard to play around with phpMyID and replace 
the part where it checks the remote user. I think the important bit is 
the stuff under the comment "if the user is not logged in, transfer to 
the authorization mode" in MyID.php.

I'd like to do a similar thing at my workplace, so I may have a go at 
this over the weekend if I have some spare time.
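
The REMOTE_USER consistency check described in this message, as an added example that is not part of the original post and is not phpMyID code. The host name, the `/users/<name>` URL layout, the Kerberos realm and both function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the original post): identity URLs look like
# https://id.example.org/users/<username>; Kerberos auth sets REMOTE_USER
# to "user@REALM", while LDAP/basic auth sets a bare username.
PROVIDER_HOST = "id.example.org"   # hypothetical provider host
PATH_PREFIX = "/users/"            # hypothetical identity path layout
TRUSTED_REALM = "EXAMPLE.ORG"      # hypothetical Kerberos realm


def local_user(remote_user):
    """Reduce Apache's REMOTE_USER to a bare username, or None if untrusted."""
    if not remote_user:
        return None                # Apache did not authenticate anyone
    name, sep, realm = remote_user.partition("@")
    if sep and realm != TRUSTED_REALM:
        return None                # principal from a realm we do not serve
    name = name.lower()
    # Plain account names only: no "/", "%", whitespace or leading dot.
    if not re.fullmatch(r"[a-z0-9][a-z0-9._-]*", name):
        return None
    return name


def identity_matches(environ, claimed_identity):
    """True only if the authenticated user owns the claimed OpenID URL."""
    user = local_user(environ.get("REMOTE_USER"))
    if user is None:
        return False
    try:
        url = urlsplit(claimed_identity)
        host, port = url.hostname, url.port   # .port raises on garbage
    except ValueError:
        return False
    if url.scheme != "https" or host != PROVIDER_HOST or port not in (None, 443):
        return False
    if "@" in url.netloc or url.query or url.fragment:
        return False               # no userinfo, query or fragment tricks
    # Compare the whole path, not a prefix, so "bob" cannot claim "bobby".
    expected = PATH_PREFIX + user
    return url.path in (expected, expected + "/")
```

The provider should only sign a positive assertion when `identity_matches` returns True; any other result is treated as "not logged in as this identity".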



