LDAP authentication
Dear list, I've succesfully been running iCal server as a smallbusiness caldav server. I did this on a Linux, thanks to the precise informations provided by Maxime Wacker I get just one issue, which was the dateutil patch, which was conflicting according to the version of dateutil I fetched. I repatched the lib manually, here is the result : --- setup.py 2007-05-09 14:55:46.000000000 +0200 +++ setup.py 2007-05-09 14:59:34.000000000 +0200 @@ -4,12 +4,14 @@ from os.path import isfile, join import glob import os +import sys + +datadir = get_python_lib(1)[len(sys.prefix)+1:] if isfile("MANIFEST"): os.unlink("MANIFEST") # Get PYTHONLIB with no prefix so --prefix installs work. -PYTHONLIB = join(get_python_lib(standard_lib=1, prefix=''), 'site-packages') ZONEINFO = join("dateutil", "zoneinfo") setup(name="python-dateutil", @@ -25,6 +27,6 @@ datetime module, available in Python 2.3+. """, packages = ["dateutil", "dateutil.zoneinfo"], - data_files = [(join(PYTHONLIB, ZONEINFO), - glob.glob(join(ZONEINFO, "zoneinfo*.tar.*")))], + data_files = [(os.path.join(datadir, "dateutil", "zoneinfo"), + glob.glob(os.path.join("dateutil", "zoneinfo", "zoneinfo*.tar.*")))], ) I'm now interested in pluging the server to an existing ldap directory in order to authenticate the users. According to the wiki, OpenDirectoryService is the thing I should use. Is this DirectoryService somehow crossplatform ? How can it be configured to connect to the existing ldap directory, have you any doc about that ? Best regards Julien Chevalier
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julien, On May 9, 2007, at 9:40 AM, Julien Chevalier wrote:
I'm now interested in pluging the server to an existing ldap directory in order to authenticate the users. According to the wiki, OpenDirectoryService is the thing I should use. Is this DirectoryService somehow crossplatform ? How can it be configured to connect to the existing ldap directory, have you any doc about that ?
Unfortunately it is not cross platform, it uses the Directory Services/Open Directory API provided by Apple. A pure LDAP DirectoryService is on my todo list (using ldaptor[0]) But there are design issues blocking that work and I don't have the time to sort it all out right now. I'm sorry that we don't just have something ready for you. It should be possible to use python-ldap[1] without any design changes to the twistedcaldav.directory APIs however python-ldap is not an asynchronous API so it's performance in our twisted server may be suboptimal and require the use of a caching mechanism similar to OpenDirectoryService's. Footnotes: [0] http://www.inoi.fi/open/trac/ldaptor/ [1] http://python-ldap.sourceforge.net/ - -David P.S. If anyone feels incredibly motivated to pursue any course of action along the lines of implementing some sort of LDAP Directory Service I'm sure it would be welcome. "Usually the protocol is this: I appoint someone for a task, which they are not qualified to do. Then, they have to fight a bear if they don't want to do it." -- Glyph Lefkowitz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGQgQOrsrO6aeULcgRAqDHAJwO+gSuKWEuQK8IuWkVtbpoUVpJMACfbPVo CkYwpwdkePBBqqVitXmyRz8= =ZeGO -----END PGP SIGNATURE-----
On May 9, 2007, at 12:25 PM, David Reid wrote:
It should be possible to use python-ldap[1] without any design changes to the twistedcaldav.directory APIs however python-ldap is not an asynchronous API so it's performance in our twisted server may be suboptimal and require the use of a caching mechanism similar to OpenDirectoryService's.
P.S. If anyone feels incredibly motivated to pursue any course of action along the lines of implementing some sort of LDAP Directory Service I'm sure it would be welcome.
I'd like to take a crack at it. I'm familiar with Python LDAP programming, not so much with the calendar server's source (although I have been using it for several months now). I'm also interested in the potential of using other LDAP directories as authentication backends. I can see that I have to implement the methods in twistedcaldav.directory.directory; anyplace else I should look to get started? -- Ben
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 9, 2007, at 1:28 PM, Ben Gollmer wrote:
On May 9, 2007, at 12:25 PM, David Reid wrote:
It should be possible to use python-ldap[1] without any design changes to the twistedcaldav.directory APIs however python-ldap is not an asynchronous API so it's performance in our twisted server may be suboptimal and require the use of a caching mechanism similar to OpenDirectoryService's.
P.S. If anyone feels incredibly motivated to pursue any course of action along the lines of implementing some sort of LDAP Directory Service I'm sure it would be welcome.
I'd like to take a crack at it. I'm familiar with Python LDAP programming, not so much with the calendar server's source (although I have been using it for several months now). I'm also interested in the potential of using other LDAP directories as authentication backends.
I can see that I have to implement the methods in twistedcaldav.directory.directory; anyplace else I should look to get started?
The formal interface definition is in twistedcaldav.directory.idirectory. You may also look at the appleopendirectory source in that same directory. - -David "Usually the protocol is this: I appoint someone for a task, which they are not qualified to do. Then, they have to fight a bear if they don't want to do it." -- Glyph Lefkowitz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFGQjMArsrO6aeULcgRAnMrAJ91Pb5b1JbGIVXoVgTKAEWCRXpAmACfQ1ps c1uiNgHmVHCbANTH5KCEwq4= =7cdW -----END PGP SIGNATURE-----
participants (3)
-
Ben Gollmer
-
David Reid
-
Julien Chevalier