Q/FR: LDAP Support about pyoidc HOT 8 OPEN

2 apr 2015 kl. 23:15 skrev Steven Roose [email protected]:

Just a question and potential feature request: Can pyoidc be used an as OpenID layer around an LDAP server, like OpenID-LDAP.org’s (outdated) implementation?

OpenID Connect yes, OpenID no !

• Roland

"It is the consequence of humanity. We are all formed of frailty and error; let us pardon reciprocally each others’ folly - that is the first law of nature.” - Voltaire

from pyoidc.

How? If I may ask.

from pyoidc.

3 apr 2015 kl. 13:35 skrev Steven Roose [email protected]:

How? If I may ask.

Haven’t done exactly this so take this more as an outline then a
ready to use service.

When you configure the OP you have to define which authentication methods to use.
There are a couple of examples of such methods in src/oic/utils/authn the one of most
interest to you would be LDAPAuthn in ldapc.py.

This is just example code so you will probably have to modify it to work with
how your LDAP is laid out.

The second thing you need is where to get the user info.
Again you can find an example in the distribution, this time in src/oic/utils/userinfo/ldap_info.py .

Completely lacking documentation, sorry about that, but if you know ldap you can probably figure out
what’s needed to be done.

I’ll be happy to help you get it working.
Don’t have the time to do it for you though.

• Roland

"It is the consequence of humanity. We are all formed of frailty and error; let us pardon reciprocally each others’ folly - that is the first law of nature.” - Voltaire

from pyoidc.

I've never used LDAP myself either :p

I'm planning to move away from public cloud services and a lot of
alternative software (e-mail server, XMPP, CalDAV server) supports LDAP to
ease the user management aspect. I'd like to have a self-hosted OpenID
provider as well to do away with Gmail completely.

So I'll probably take a look at the files you mentioned and try to figure
it out once I got LDAP and the other things running. (I hope I'll get some
more insight in how LDAP works by then.)

On Fri, Apr 3, 2015 at 5:58 PM, Roland Hedberg [email protected]
wrote:

3 apr 2015 kl. 13:35 skrev Steven Roose [email protected]:

How? If I may ask.

Haven’t done exactly this so take this more as an outline then a
ready to use service.

When you configure the OP you have to define which authentication methods
to use.
There are a couple of examples of such methods in src/oic/utils/authn the
one of most
interest to you would be LDAPAuthn in ldapc.py.

This is just example code so you will probably have to modify it to work
with
how your LDAP is laid out.

The second thing you need is where to get the user info.
Again you can find an example in the distribution, this time in
src/oic/utils/userinfo/ldap_info.py .

Completely lacking documentation, sorry about that, but if you know ldap
you can probably figure out
what’s needed to be done.

I’ll be happy to help you get it working.
Don’t have the time to do it for you though.

• Roland

"It is the consequence of humanity. We are all formed of frailty and
error; let us pardon reciprocally each others’ folly - that is the first
law of nature.” - Voltaire

—
Reply to this email directly or view it on GitHub
https://github.com/rohe/pyoidc/issues/77#issuecomment-89336744.

from pyoidc.

3 apr 2015 kl. 18:05 skrev Steven Roose [email protected]:

I’ve never used LDAP myself either :p

I was actually part of the group that wrote the LDAP standards :-)
Ran the IETF working group for a number of years too.

So I know LDAP :-) :-)
Just haven’t connected my OIDC server to a LDAP server yet.

I'm planning to move away from public cloud services and a lot of
alternative software (e-mail server, XMPP, CalDAV server) supports LDAP to
ease the user management aspect. I'd like to have a self-hosted OpenID
provider as well to do away with Gmail completely.

So I'll probably take a look at the files you mentioned and try to figure
it out once I got LDAP and the other things running. (I hope I'll get some
more insight in how LDAP works by then.)

• Roland

"It is the consequence of humanity. We are all formed of frailty and error; let us pardon reciprocally each others’ folly - that is the first law of nature.” - Voltaire

from pyoidc.

@stevenroose, have you gotten any further with this?

I'm also looking at doing something with LDAP in the coming months.

from pyoidc.

@lwm No, I haven't looked at this anymore, honestly.

from pyoidc.

I've rigged something up and it should be documented. Tagging this one as such.

from pyoidc.