
MindTouch Connect

(name pending)


Problem

Organizations often deploy multiple public-facing applications alongside MindTouch Deki to build their communities. These may include bug trackers, blogs, forums, etc. The issue is: how does a user new to the community create an account in one place that all of the applications involved can use? Each application generally has its own means of creating accounts, but this requires the user to create accounts in multiple places, hopefully with the same username. One solution is to pick one application to do the account creation and have it create accounts in all the other databases using techniques reverse engineered from their code (such as how the password gets hashed). This sucks. Another solution is to modify each application to pull account data from the other apps' databases or APIs. This involves custom development and, depending on how well each app handles externally authenticated accounts, may cause problems when you need to update the app and may be difficult to implement.

Solution

Rely on a simple app whose purpose is to register and log members into the community: MindTouch Connect (name pending). Its main purpose is to let new users register and to store the resulting user account in LDAP. Storing user accounts in LDAP offers a simple, standardized, and established way for applications to authenticate users and look up user details as they need. Most established applications -- open or closed source -- already have a means of relying on LDAP.

Implementation

Development of this app can easily be broken into several phases, each adding utility incrementally.

Phase 1: Registration

Implement a skinnable form for registering new users into LDAP.

It needs to be:

  • Easy and user-friendly. Enter only the bare essential fields -- name, email address, password.
  • Extensible, allowing other pieces of data to be required, such as full name, phone number, address, whatever...
  • Secure, allowing the use of a captcha.

Phase 2: Login and single sign on
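
As an added illustration of what the Phase 1 form has to produce (example code written for this page, not part of the original proposal or of MindTouch's code), the Python sketch below validates the bare-essential fields, hashes the password in the {SSHA} scheme that LDAP servers accept in userPassword, and emits the LDIF record that adds the member as an inetOrgPerson. The base DN, the uid and email patterns, the sample values and the `extra` hook for the extensible fields are all constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed directory suffix for the example; a real deployment uses its own base DN.
PEOPLE_BASE_DN = "ou=people,dc=example,dc=com"

UID_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{1,31}$")   # safe inside a DN, no escaping needed
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MIN_PASSWORD_LEN = 8


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password as {SSHA}: base64(sha1(password + salt) + salt).
    Single-round salted SHA-1 is what the scheme defines; prefer a slower
    scheme where the directory server offers one."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value (what the directory does on bind)."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):])
    except ValueError:
        return False
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def validate_registration(username: str, email: str, password: str) -> list:
    """Return the validation errors for the bare-essential fields (empty list if OK)."""
    errors = []
    if not UID_RE.match(username):
        errors.append("username must be 2-32 chars of a-z, 0-9, '.', '_' or '-'")
    if not EMAIL_RE.match(email):
        errors.append("email address is not well formed")
    if len(password) < MIN_PASSWORD_LEN:
        errors.append(f"password must be at least {MIN_PASSWORD_LEN} characters")
    return errors


def ldif_attr(name: str, value: str) -> str:
    """One LDIF attribute line. Values LDIF cannot carry literally (non-ASCII,
    control characters, leading/trailing space, leading ':' or '<') use the
    '::' base64 form instead of being written raw."""
    safe = (value.isascii() and value.isprintable() and value == value.strip()
            and value[:1] not in (":", "<"))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def registration_ldif(username: str, email: str, password: str,
                      full_name: Optional[str] = None, extra: Optional[dict] = None) -> str:
    """Build the LDIF record that adds the new member as an inetOrgPerson.
    `extra` (hypothetical) carries optional attributes such as telephoneNumber."""
    errors = validate_registration(username, email, password)
    if errors:
        raise ValueError("; ".join(errors))
    cn = (full_name or username).strip() or username
    sn = cn.split()[-1]                          # inetOrgPerson requires an sn
    lines = [
        f"dn: uid={username},{PEOPLE_BASE_DN}",
        "objectClass: inetOrgPerson",
        "objectClass: organizationalPerson",
        "objectClass: person",
        "objectClass: top",
        ldif_attr("uid", username),
        ldif_attr("cn", cn),
        ldif_attr("sn", sn),
        ldif_attr("mail", email),
        ldif_attr("userPassword", ssha_hash(password)),
    ]
    for attr, value in (extra or {}).items():
        lines.append(ldif_attr(attr, value))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample registration; the output can be piped to ldapadd.
    print(registration_ldif("alice", "alice@example.com", "correct horse battery",
                            full_name="Alice Liddell",
                            extra={"telephoneNumber": "+1 555 0100"}))
```

Submitting the record to the directory (ldapadd, or an LDAP client library's add call) is left to the caller. Storing the hash in userPassword is what lets every consuming application authenticate by a plain LDAP bind, so the registration app never has to know how any of those applications hash passwords on their own.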

Log in in one place using either a form-based login or a web server auth module (mod_authz_ldap). The module sets a CGI variable (REMOTE_USER), and applications can trust that the user is who he claims when that value is present, since only the web server can set it. Alternatively, MindTouch Connect can post the username/password to each app's login form and retrieve the cookie, thus signing the user into each app. There are other solutions here as well.
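How an application on the same web server consumes the REMOTE_USER variable, as an added example that is not from the page or the project: a minimal WSGI app that trusts only the server-set CGI variable. A client can send a request header named Remote-User, but CGI/WSGI exposes it as HTTP_REMOTE_USER, so it never collides with the real value and is ignored here. `authenticated_user`, `community_app`, `call` and the uid pattern are hypothetical names chosen for this illustration; the environments fed to `call` are constructed.

```python
import re
from typing import Optional, Tuple
from wsgiref.util import setup_testing_defaults

# Constructed uid pattern; matches what the registration form would accept.
UID_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{1,31}$", re.IGNORECASE)


def authenticated_user(environ: dict) -> Optional[str]:
    """Return the uid the web server authenticated, or None.

    Only REMOTE_USER counts: it is a CGI variable that the server's auth module
    (e.g. an LDAP module) sets after a successful login. Client request headers
    arrive with an HTTP_ prefix (HTTP_REMOTE_USER), so they are never consulted.
    """
    user = environ.get("REMOTE_USER", "").strip()
    if not user or not UID_RE.match(user):
        return None
    return user


def community_app(environ, start_response):
    """Minimal WSGI app that relies entirely on the web server for login."""
    user = authenticated_user(environ)
    if user is None:
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"login required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {user}\n".encode("utf-8")]


def call(app, extra_environ: dict) -> Tuple[str, bytes]:
    """Constructed test driver: run `app` on a synthetic WSGI environ and
    return (status line, response body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra_environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Server-set variable: accepted.
    print(call(community_app, {"REMOTE_USER": "alice"}))
    # Same name supplied as a client header: ignored, still unauthenticated.
    print(call(community_app, {"HTTP_REMOTE_USER": "alice"}))
```

The check is only as good as the deployment: REMOTE_USER must be set by the auth module on every path that reaches the application, which is what a server-wide Require rule on the LDAP module provides.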

Phase 3: User management

Allow administrators of the community to manage user accounts in LDAP and potentially establish groups. This may simply be a link to a third-party web-based LDAP manager.

Resources

Hey look, Drupal did it! http://drupal.org/project/ldap_provisioning

Powered by MindTouch Deki v.8.08