[OpenID] LDAP-to-OpenID gateway?

Martin Atkins mart at degeneration.co.uk
Fri Mar 16 08:19:05 UTC 2007

Troy Benjegerdes wrote:
> On Fri, Mar 16, 2007 at 06:18:22AM +0200, Dmitry Shechtman wrote:
>> http://www.butterfat.net/wiki/Projects/ModAuthOpenID
> That's pretty nice, but I want an openid *provider*, not a consumer. I
> want to be able to use my already deployed kerberos & ldap servers to
> authenticate me, and then run an openid provider so I can log into all
> the openid-enabled web sites with it.

What you need, I think, is a very simple provider that looks at 
REMOTE_USER to get the username that Apache successfully authenticated 
and then look at the OpenID URL to see if it's consistent with that.

I'm not aware of anything that already does this out of the box, but it 
probably wouldn't be that hard to play around with phpMyId and replace 
the part where it checks the remote user. I think the important bit is 
the stuff under the comment "if the user is not logged in, transfer to 
the authorization mode" in MyID.php.

I'd like to do a similar thing at my workplace, so I may have a go at 
this over the weekend if I have some spare time.

More information about the general mailing list