Forum OpenACS Q&A: Re: nsldap with bind support

Collapse
2: Re: nsldap with bind support (response to 1)
Posted by Gustaf Neumann on 04/23/10 09:59 AM
If you have a chance i would recommend to use PAM (Pluggable Authentication Modules) in connection with the naviserver module nsauthpam written by Vlad Seryakov. PAM allows one to define a hierarchy of different authentication systems. PAM modules (such as pam_ldap, pam_usb, pam_smb, pam_ssh or pam_krb5) are available for many operating system (we use pam_krb5).

The module nsauthpam is implemented for naviserver and uses naviserver's nice API for Tcl argument passing. Victor Guerra has altered argument passing to the good old manual way to compile the module for aolserver as well. If there is interest, we can make this available.

Links:
http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
http://bitbucket.org/naviserver/nsauthpam/src
http://naviserver.cvs.sourceforge.net/viewvc/naviserver/modules/nsauthpam/

Collapse
3: Re: nsldap with bind support (response to 2)
Posted by Malte Sussdorff on 10/13/10 12:42 PM
We are running into the issue of no bind support now a couple of times and are about to patch the Debian aolserver4-nsldap package to include the bind command. Has maybe anyone else done this already?

But as you recomment using nsauthpam, do you have the code to get this working in AOLserver somewhere so we could compile nsauthpam? Is there documentation for this?

Collapse
4: Re: nsldap with bind support (response to 3)
Posted by Victor Guerra on 10/14/10 12:26 PM
Let me look for the code and I'll upload it to the file-storage so you can have it.