[SAC] LDAP in Drupal

Frank Warmerdam warmerdam at pobox.com
Wed Dec 19 14:59:51 EST 2007


Tyler Mitchell (OSGeo) wrote:
> With our recent Drupal upgrade and its related ldap integration module, 
> I've done some more tests with increasing the integration between Drupal 
> and LDAP.  The earlier versions of the module were not ready for more 
> than simple authentication.
> 
> By giving the module access to the LDAP manager role, it can now allow 
> users to reset their passwords and edit their own attributes.  There is 
> always concern about using the manager role in the application, but 
> largely because we didn't really understand how it gets used in Drupal.  
> Now, the password itself does not appear in cleartext in any form in 
> Drupal, though it is stored in the database.

Tyler,

I think this is great news (despite some early concern).  As discussed
in IRC I think we need to be careful who has PHP editing permission in
Drupal since that is a backdoor to querying the database and/or doing
other unprivileged operations on the server.

What is the url for a user to update their email, password and other
LDAP info?  Can we point the appropriate portion of the page:

   http://www.osgeo.org/osgeo_userid

to that?

Likewise, is there a mechanism for searching for an ldap userid and
for creating new ones?  If Drupal can handle these functions, let's
move to it instead of using the custom python scripts, and update
the osgeo_userid page accordingly.  With luck, the "ldap group
management" will be the last of the custom python scripts we need to
use.

> How can we build confidence in the use of this module and approach?
> 
> Is it possible to have LDAP users edit their own attributes?  Previously 
> this was not an option, but it would also help reduce the use of the 
> manager role.

If Drupal already has the manager account, I'm not sure that it would
be any better to make some changes self-authenticating.

Best regards,
-- 
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGeo, http://osgeo.org


