[ckan-discuss] LDAP support

• Previous message: [ckan-discuss] LDAP support
• Next message: [ckan-discuss] upload data
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 28 July 2013 19:16, Stéphane Guidoin <stephane at opennorth.ca> wrote:
> Hello,
>
> For an ongoing implementation, we are asked if there is an LDAP support
> integrated in CKAN 2.0.
>
> I did some research and all the answers (including some thread in the
> mailing list and the dev one) are not giving any real response. From what I
> understand, it seems it is more managed at the level of the framework,
> Pylons.
>
> So question:
> - Is there anybody in the room what has plugged CKAN on a LDAP?

I am not aware of any but it may have been done somewhere.

> - Is it possible to have an hybrid model (admins are pulled from the LDAP,
> public users can still create regular accounts to get an API key

This is slightly complicated most of the alternative authentications
schemes that I've worked on drupal7 and saml2 have been replacements
for the ckan authentication and the ckan user registration etc has
been disabled.

Part of the problem is how you would decide to link the ckan user to
the LDAP one.  You do not for example want new users to register as a
user who is on the LDAP if username was the linking field.

Doing a pure LDAP solution shouldn't be too hard, but would still be a
fair bit of work.  Ckan has an IAuthenticator plugins interface that
allows extensions of this type to be created see
https://github.com/okfn/ckanext-drupal7 as an example.  In that
example the full drupal7 registration/login stuff is used.  For an
LDAP system you would probably need to create these in the extension.

> - Is there a "how to" or some guidelines I could follow.

I fear that the answer is no.  The IAuthenticator interface is new and
was developed for particular clients needs.  Also the interactions
between different authentication schemes are by their nature highly
specific.  The  interface is marked as experimental but feels like it
is unlikely to change moving forward.




>
> Stéphane
>
>
> _______________________________________________
> ckan-discuss mailing list
> ckan-discuss at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-discuss
> Unsubscribe: http://lists.okfn.org/mailman/options/ckan-discuss
>



-- 
Toby Dacre

The Open Knowledge Foundation

Empowering through Open Knowledge
http://okfn.org/  |  @okfn

• Previous message: [ckan-discuss] LDAP support
• Next message: [ckan-discuss] upload data
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]