Forum .LRN Q&A: External Authentication

Posted by Alfred Essa on
We want to document the external authentication module developed by Collaboraid. Can you please let us know if you are using it? If so, what authentication mechanism (LDAP, Kerberos, ...)? Thank you in advance.
Posted by Nima Mazloumi on
We are using the PAM module against OpenAFS. The increment.xml for the synchronization is created via a passwd file generated from OpenAFS.
Posted by Rocael Hernández Rizzardini on
Hello Al,
I've been working with most of it, so I offer myself to document it. At Galileo we are using LDAP plus some specific modifications that are needed here. Also I plan to *extract* the IMS stuff in there to ims-ent for oacs 5.2.

Is this urgent? (We are about to launch .LRN at Galileo university-wide, so I'd prefer to do it right after, something like in the first week of September?)

Posted by Matthias Melcher on
We are using it currently with PAM against Radius.
Posted by Alfred Essa on
Roc... thanks. No, this is not urgent. We also will not get to this until we launch on .LRN 2.x.
Posted by Malte Sussdorff on
Hi Rocael,

Can you post some information on what you did exactly, as we need it in Darmstadt to authenticate against LDAP and sadly currently both ns_pam and ns_ldap modules fail (the former with an ad_raise notfound, the latter with "no available pools" though we copied the information from you).

Posted by Rocael Hernández Rizzardini on
Hello Malte,
Are you using Oracle?
Strange, the no available pools is something that I haven't found yet in our prod/dev servers...

Where did you get the ns_ldap module?

Here's our config.tcl nsldap section:

#
# ldap pool ldap
#

ns_section "ns/ldap/pool/ldap"
ns_param user "cn=Manager, o=Your University"
ns_param password "yourpass"
ns_param host "ldap.server.edu"
ns_param connections 1
ns_param verbose On

#
# ldap pools
#
ns_section "ns/ldap/pools"
ns_param ldap ldap

#
# ldap default pool
#
ns_section "ns/server/${server}/ldap"
ns_param Pools *
ns_param DefaultPool ldap

Are you trying a direct call to ns_ldap or through the acs-authentication authority?

Posted by Rocael Hernández Rizzardini on
I just added a new Introduction about this package at:
http://cvs.openacs.org/cvs/*checkout*/openacs-4/packages/acs-authentication/www/doc/Attic/acs-authentication.htm?rev=1.1.2.2

Hope this helps new users / developers that might start to use it. If you have questions, suggestions or comments, please feel free to do them in this thread and I might add those to the documentation as well.

Posted by Nick Carroll on
I created an authentication driver for an in-house Single Sign-On (SSO) system here at The University of Sydney. I based my driver on the ldap and pam drivers.
Posted by Nima Mazloumi on
Nick, can you tell us a bit more on that? How did you implement the SSO? We also have several systems running here next to OpenACS and I would like to create a SSO between .LRN and the Library System for instance.