[Freedombox-discuss] LDAP

Nick Daly nick.m.daly at gmail.com
Sat Dec 28 01:08:39 UTC 2013


Bdale Garbee <bdale at gag.com> writes:

> Jonas Smedegaard <dr at jones.dk> writes:
>
>> Ok.  Makes good sense to mandate use of shared auth mechanism.  Not 
>> convinced LDAP is the ideal for that, though.
>
> ...Clearly not critical path, but this is another possible task for
> someone out there reading who would like a modest project that could
> help us out in the long term.
>
> What I think we can effectively use LDAP for is to manage the information
> associated with identities.  Users, what access rights they should have,
> etc, in an application-neutral way that we can potentially wrap some
> plinth UI goodness around eventually.

It should also be possible to use these sorts of ACLs to create
application-specific data-stores (among other things, to keep
applications from snooping on one another's data).  Keeping data
separated is a related, but different, issue from the problem of
separating processes ("the LXC/VM issue").

So, does anybody know any good LDAP-enabled services we can use?  I
tried to move a wiki service into Plinth (ikiwiki, via [0]), but
immediately ran into the problem that ikiwiki knows nothing about
authentication mechanisms other than its own.  I'm checking on the
ikiwiki IRC channel and their forums, but very few wiki services (other
than MediaWiki, which feels like overkill) are aware of LDAP.

Time to do a lot of LDAP (or Kerberos, or...) learning.

Thanks,
Nick

0: https://bitbucket.org/nickdaly/plugserver/src/tip/setup/wiki/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20131227/a3ee215b/attachment.sig>


More information about the Freedombox-discuss mailing list