Closed Bug 475118 Opened 15 years ago Closed 15 years ago

Add LDAP auth support to Weave server

Categories

(Cloud Services Graveyard :: Server: Sync, defect, P1)

x86
All
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: anant, Assigned: anant)

Attachments

(1 file, 1 obsolete file)

The weave server needs to support LDAP based authentication
Attachment #358516 - Flags: review?(telliott)
Fix typo
Attachment #358516 - Attachment is obsolete: true
Attachment #358520 - Flags: review?(telliott)
Attachment #358516 - Flags: review?(telliott)
Attachment integrated. Leaving this bug open as a tracker for implementing the remainder of the skeleton.
Blocks: 475572
You allow anonymous binds? Why?

Why isn't this stuff stored in a config rather than hardcoded in the actual code?
I'll let anant speak to the anonymous binds.

The constants are part of the weave_constants file; I just missed pulling that set out of the top of the object when I did the integration. Thanks for the catch.
> You allow anonymous binds? Why?

I don't think we do. The corresponding lines of code:

> $userdn = WEAVE_LDAP_AUTH_PARAM."=$user,".WEAVE_LDAP_AUTH_DN;
> if (ldap_bind($this->_conn, $userdn, $pass))

We're binding as the user; it's not anonymous. If the bind fails, we assume it was because the password was incorrect and proceed accordingly.
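
Added example, not part of the bug thread or the Weave code base: RFC 4513 (section 5.1.2) defines a simple bind with a DN and a zero-length password as an "unauthenticated bind", which a server may accept, so a wrapper around `ldap_bind()` should refuse empty credentials itself; whether the quoted code checks `$pass` earlier is not shown on this page. The sketch below also escapes `$user` before it is placed in the DN. The constant values, `authenticate_user()` and the stand-in bind callable are constructed for illustration, and PHP 7+ with the ldap extension is assumed.

```php
<?php
// Added example. Constant values are constructed, not Weave's real configuration.
const WEAVE_LDAP_AUTH_PARAM = 'uid';
const WEAVE_LDAP_AUTH_DN    = 'ou=users,dc=example,dc=com';

/**
 * Build the user DN and attempt a simple bind as that user.
 * $bind (hypothetical parameter) is any callable taking (dn, password) and
 * returning bool, e.g. a closure around ldap_bind() on an open connection.
 */
function authenticate_user(callable $bind, string $user, string $pass): bool
{
    // A DN plus an empty password is an unauthenticated bind (RFC 4513 5.1.2);
    // a server that accepts it reports success, so reject it before binding.
    if ($user === '' || $pass === '') {
        return false;
    }
    // Escape DN metacharacters so the supplied name stays a single RDN value.
    $userdn = WEAVE_LDAP_AUTH_PARAM . '=' . ldap_escape($user, '', LDAP_ESCAPE_DN)
            . ',' . WEAVE_LDAP_AUTH_DN;
    return (bool) $bind($userdn, $pass);
}

// Constructed stand-in for a directory that accepts unauthenticated binds.
$permissive_bind = function (string $dn, string $pass): bool {
    $known = ['uid=alice,ou=users,dc=example,dc=com' => 'correct horse'];
    return $pass === '' || (($known[$dn] ?? null) === $pass);
};

// Correct password, empty password, and a name containing DN metacharacters.
var_dump(authenticate_user($permissive_bind, 'alice', 'correct horse'));
var_dump(authenticate_user($permissive_bind, 'alice', ''));
var_dump(authenticate_user($permissive_bind, 'alice,ou=admins', 'x'));

// Against a real server (host name is a placeholder):
// $conn = ldap_connect('ldaps://ldap.example.com');
// ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// $ok = authenticate_user(fn($dn, $pw) => @ldap_bind($conn, $dn, $pw), $user, $pass);
```
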
Added a few more methods to the auth backend: http://hg.mozilla.org/labs/weaveserver/rev/2993d6b9c1f7

create_user will be fine-tuned according to the new schema as soon as I can do some tests on sm-proxy01 (which will be when we switch that box to the new ldap structure)
http://hg.mozilla.org/labs/weaveserver/rev/30ac838ff9cb makes the backend work with our new cluster
This is done, no?  Or are you keeping this bug open until you port all the web pages too?
Yes, I'd like to make sure all the methods work as expected before closing the bug.
LDAP currently does not have support for the X-Weave-Alert fields, though we could move that into its own bug.
On a similar note we also need support for account status and alert messages, both in the LDAP schema and in this code.
Are you including porting the dashboard as part of this bug as well?  If not I'll file a new bug for that.
OS: Mac OS X → All
Priority: -- → P1
(In reply to comment #12)
> Are you including porting the dashboard as part of this bug as well?  If not
> I'll file a new bug for that.

Separate bug would help, thanks!
LDAP Auth backend tested and in place (hg tip please!)
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Component: Weave Server → Server
Product: Mozilla Labs → Weave
Target Milestone: 0.3 → ---
Version: 0.3 → unspecified
QA Contact: weaveserver → server
Comment on attachment 358520 [details] [diff] [review]
Weave server LDAP authentication

Clearing this from the review queue. It's been long-incorporated
Attachment #358520 - Flags: review?(telliott) → review-
Product: Cloud Services → Cloud Services Graveyard