LDAP

Mar 24, 2008 16:44

Hi everyone,

It's briefly mentioned in the docs that LJ can use LDAP. Is it possible to get any further info - is LDAP only used for authentication (i.e. to look up username and password), or does LJ actually store information using LDAP?

Regards,
Lars

server: authentication, server: administration, server


Comments 2

mart March 24 2008, 20:31:13 UTC

From looking at the code (see the end of load_user in LJ::User), it looks like the LDAP support copies the user's name and email address from the LDAP directory the first time they attempt to log in, when an LJ user account is auto-created for them. After this, the LJ code will use LDAP only for authentication of that user and changes to the LDAP data will not be reflected in the LJ database. The user's journal will also go on existing if you delete the user from the LDAP directory, though they won't be able to log in. A future user with the same username will inherit the LJ account of the previous user.

LJ::LDAP has the LDAP-handling code in it. Looks like it hard-codes the attribute names from which the email address and nickname are read to be "mailLocalAddress" and "gecos" respectively. It also expects a hash of the user's password to be in the "userPassword" attribute. The key to enabling all of this seems to be setting the $LJ::LDAP_HOST configuration variable. You can also set $LJ::LDAP_BASE to the base DN to search, and $LJ:: ( ... )


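The behaviour described in the comment above, as a small model added here (not part of the thread and not LiveJournal's code): it reproduces the copy-once provisioning, the surviving journal, and the username reuse, then shows one check that refuses the reuse. The `Site` class, the `bind_to_uuid` switch, the SHA-256 stand-in for the `userPassword` hash, the sample entries, and the assumption that the directory exposes a stable `entryUUID` attribute are all constructed for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass, field

def h(pw):  # stand-in for however the directory hashes userPassword
    return hashlib.sha256(pw.encode()).hexdigest()

def ldap_entry(mail, gecos, pw, uuid):  # constructed sample directory entry
    return {"mailLocalAddress": mail, "gecos": gecos,
            "userPassword": h(pw), "entryUUID": uuid}

@dataclass
class Site:
    directory: dict                               # username -> LDAP entry
    accounts: dict = field(default_factory=dict)  # username -> local account
    bind_to_uuid: bool = False                    # hypothetical hardening switch

    def login(self, user, pw):
        e = self.directory.get(user)
        if e is None or not hmac.compare_digest(e["userPassword"], h(pw)):
            return None                           # not in directory, or bad password
        acct = self.accounts.get(user)
        if acct is None:                          # first login: copied once, never refreshed
            acct = {"email": e["mailLocalAddress"], "name": e["gecos"],
                    "uuid": e["entryUUID"], "entries": []}
            self.accounts[user] = acct
        elif self.bind_to_uuid and acct["uuid"] != e["entryUUID"]:
            raise PermissionError(f"{user}: username now belongs to another entry")
        return acct

def demo(bind_to_uuid):
    d = {"alice": ldap_entry("alice@old.example", "Alice", "pw-one", "uuid-1")}
    site = Site(d, bind_to_uuid=bind_to_uuid)
    site.login("alice", "pw-one")["entries"].append("private post")
    d["alice"]["mailLocalAddress"] = "alice@new.example"  # directory edit after first login
    stale_email = site.login("alice", "pw-one")["email"]
    del d["alice"]                                        # user removed from the directory
    locked_out = site.login("alice", "pw-one") is None
    journal_kept = "alice" in site.accounts
    d["alice"] = ldap_entry("other@new.example", "Other Alice", "pw-two", "uuid-2")
    try:
        inherited = site.login("alice", "pw-two")["entries"]
    except PermissionError:
        inherited = None                                  # hardened mode refuses the reuse
    return stale_email, locked_out, journal_kept, inherited

if __name__ == "__main__":
    print("as described:      ", demo(False))
    print("bound to entryUUID:", demo(True))
```
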
larsskj March 27 2008, 12:51:35 UTC
Thanks a lot - I'm beginning to get a feeling for it ;-).

As I want to integrate LJ with an existing userbase, I guess I'll skip the LDAP layer and write my own plugin instead.
