http-authentication for s9y-backend -other way-

wasabi
Regular
Posts: 10
Joined: Tue Apr 18, 2006 3:21 pm
Location: Augsburg, Germany

Post by wasabi »

Hello forum,

When I was searching for a way to authenticate our intranet blog against my existing apache-ldap-auth, I found the existing serendipity_event_httpauth. Unfortunately the only thing that happens is that the well-known little http-auth window appears, which only authenticates against the s9y DB with its static passwords :cry:

Is there a way to retrieve user info from a successful apache-auth (performed by an ldap-auth against an MS-AD) and finally log the user in this way?

Sorry for my poor English - I will add any necessary information to make things clearer :)

Kind regards and thanks in advance,

wasabi
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: http-authentication for s9y-backend -other way-

Post by garvinhicking »

Hi!

Did you have a look at the externalauth plugin, which provides LDAP authentication mirroring?

Also we are currently doing rework in the authentication plugins: http://board.s9y.org/viewtopic.php?t=8413

HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Re:

Post by wasabi »

Hi Garvin,

many thanks for your answer - I will try the plugin you mentioned and post my experiences!

Kind regards,
wasabi/Claudio

Re: http-authentication for s9y-backend -other way-

Post by wasabi »

garvinhicking wrote:
> Did you have a look at the externalauth plugin, which provides LDAP authentication mirroring?
>
> HTH,
> Garvin

Maybe I did not describe my wish very well... I use Apache 2.2.x with mod_authn_alias combined with mod_authnz_ldap. I need mod_authn_alias because there are 3 (!) LDAP trees where users might be hidden.

My idea was to build a little authentication around the blog. Whenever John Doe authenticates there against Apache, he should be transparently logged in to the blog.

~~~~~~~~~~~~~~~~~~~~

Now in German (my native language):

It would be nice if the username I type into the Apache authentication were also logged in to the blog right away. I would rather not repeat the contortions with the Apache auth :-)

Thanks again and best regards,
wasabi/Claudio

Re: http-authentication for s9y-backend -other way-

Post by garvinhicking »

Hi!

> Maybe I did not describe my wish very well... I use Apache 2.2.x with mod_authn_alias combined with mod_authnz_ldap. I need mod_authn_alias because there are 3 (!) LDAP trees where users might be hidden.
>
> My idea was to build a little authentication around the blog. Whenever John Doe authenticates there against Apache, he should be transparently logged in to the blog.

So you can't authenticate against LDAP? In that case you must use the ldap plugin and adapt it to make the queries that the plugin does with LDAP against the Apache auth API (by checking environment variables or whatever).

If Apache can pass through the user authentication, you can try to combine the htaccess and the ldap plugin. You definitely need to create an s9y user account based on the credentials you get using the Apache authentication. Without having actual SQL rows in the serendipity_authors DB table, nobody can be authenticated inside the blog.

Can't help you much further with that, I have about zero knowledge about single sign-on services.

HTH,
Garvin
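The approach outlined in the last reply (take the user Apache has already authenticated and make sure a matching author row exists) as an added example; it is not part of the thread and not code from Serendipity or its plugins. The `authors` table is a simplified stand-in for serendipity_authors with assumed column names, the function names are hypothetical, and an in-memory SQLite database with constructed requests replaces the real blog.

```php
<?php
// Added example: map an Apache-authenticated user to a local author row.
// Only REMOTE_USER (set by Apache after mod_authnz_ldap succeeds) is trusted.
// HTTP_* entries are copied from request headers and are client-controlled.
function trustedRemoteUser(array $server): ?string
{
    $user = $server['REMOTE_USER'] ?? $server['REDIRECT_REMOTE_USER'] ?? null;
    // Assumption: plain account names only (no DOMAIN\user or user@realm forms).
    if (!is_string($user) || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return strtolower($user);
}

function loginFromApache(PDO $db, array $server): ?array
{
    $user = trustedRemoteUser($server);
    if ($user === null) {
        return null; // no server-side authentication happened: no blog login
    }
    $find = $db->prepare('SELECT authorid, username, userlevel FROM authors WHERE username = ?');
    $find->execute([$user]);
    $row = $find->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // First visit: provision with the lowest level (assumed to be 0) and a
        // password value that can never match a hash, so the account cannot be
        // used through the normal password form.
        $ins = $db->prepare('INSERT INTO authors (username, password, userlevel) VALUES (?, ?, 0)');
        $ins->execute([$user, '!']);
        $find->execute([$user]);
        $row = $find->fetch(PDO::FETCH_ASSOC);
    }
    return $row;
}

// Constructed demo data; a real blog would use its own database connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (authorid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, userlevel INTEGER)');
$db->exec("INSERT INTO authors (username, password, userlevel) VALUES ('admin', 'x', 255)");
$requests = [
    ['REMOTE_USER' => 'jdoe'],        // authenticated by Apache: provisioned
    ['REMOTE_USER' => 'JDoe'],        // same user again: existing row reused
    ['HTTP_REMOTE_USER' => 'admin'],  // header sent by the client: rejected
    ['REMOTE_USER' => "admin' --"],   // malformed name: rejected
];
foreach ($requests as $server) {
    $row = loginFromApache($db, $server);
    echo json_encode($server), ' => ', $row ? json_encode($row) : 'rejected', "\n";
}
```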