First time here? Check out the FAQ!
1

LDAP support

Are there plans to support LDAP as a login mechanism?

This is really a pre-requisite when using askbot as an internal corporate Q&A site.

Evgeny's avatar
13.2k
Evgeny
updated 2010-09-27 10:55:55 -0500
Benoit's avatar
875
Benoit
asked 2010-09-27 08:13:37 -0500
edit flag offensive 0 remove flag close merge delete

Comments

Very possible. I'll try to get this to work this week. Thanks.
Evgeny's avatar Evgeny (2010-09-27 10:55:27 -0500) edit
add a comment see more comments

1 Answer

2

Hi Benoit,

I've added experimental LDAP support, however I've only tested in on a "mock" ldap object.

Basically if you go to "settings"->"External keys", check "Use LDAP for password login" and fill out all ldap related fields.

You might need to adjust a function askbot.deps.django_authopenid.util.ldap_check_password as some parameters may need to be changed. If you make this function work on a real LDAP directory, you'll be able to log in via ldap.

def ldap_check_password(username, password):
    import ldap
    try:
        ldap_session = ldap.initialize(askbot_settings.LDAP_URL)
        ldap_session.simple_bind_s(username, password)
        ldap_session.unbind_s()
        return True
    except ldap.LDAPError, e:
        logging.critical(unicode(e))
        return False

If you want to disable other login methods and change looks of the login form, for now you'll have to hack a template askbot/skins/default/templates/authopenid/signin.html

Here is the mock ldap object that I've used to test the LDAP method:

class LDAPError(Exception):
    pass

class LDAP(object):

    def simple_bind_s(self, username, password):
        if username == 'test' and password == 'test':
            return True
        else:
            raise LDAPError('try again')

    def unbind_s(self):
        pass

def initialize(*args):
    return LDAP()
Evgeny's avatar
13.2k
Evgeny
answered 2010-10-03 18:42:29 -0500
edit flag offensive 0 remove flag delete link

Comments

As it turns out, our internal LDAP setup is a pain. Ended up hacking the askbot login from authopenid to use the pwd/crypt modules. I can feed you back the changes if you want to provide a unix credentials login mechanism.
Benoit's avatar Benoit (2010-10-11 10:49:04 -0500) edit
Indeed could you somehow send your login code - I'll definitely include the unix credential login option. Either fork on github and add your code or email me at evgeny.fadeev@gmail.com. Thanks. As for LDAP - maybe you needed to create a more elaborate "username" parameter..
Evgeny's avatar Evgeny (2010-10-11 11:43:36 -0500) edit
add a comment see more comments