Subject: Developers of Sympa
List archive
Re: [sympa-users] ldap storage of user details and joint SQL LDAP includes
- From: Mark Cheverton <address@concealed>
- To: Olivier Salaun <address@concealed>
- Cc: address@concealed, address@concealed
- Subject: Re: [sympa-users] ldap storage of user details and joint SQL LDAP includes
- Date: Thu, 19 Apr 2001 10:52:29 +0100
Olivier Salaun wrote:
>
> We are planning development related to LDAP that will begin next June.
> It concerns :
> o user authentication querying an LDAP directory. This implies that
> we won't access the password in clear form anymore => no password
> reminder / change
>
> o conditions in scenario rules, could refer to LDAP query
> (ie: is the sender a biology teacher, is the sender an accountant)
>
> Before we start these developments, we need to surround Sympa's relation
> with LDAP directories.
>
> Tell us about your needs with LDAP and Sympa, so that the implementation
> meets your needs :
>
> Will you use a single LDAP directory ?
Yes, although servers may be split in the future so it would be nice to
write in handling ldap referrals if possible.
> Are user passwords encrypted in the directory ?
Yes as MD5 hashes. You'll find that almost all directories will store
passes encrypted leaving you two options - compare the md5 hash which
will probably require binding as an administrator (depending on how much
security the server is set up with) or bind as the user (means possible
overhead in socket connections, not desirable for big lists).
> What about people not in your directory (public MLs) ?
I'm seeing this purely for auth purposes. The subscriber DB (or
flatfile) will still exist, but if a user is accessing wwsympa then they
authorise against the ldap database, if they haven't got an account they
have to create one (through the host's custom interface) which isn't
really any different from having to register into an SQL system, it's
just handled by the hoster's scripts.
> What query(ies) should Sympa perform to check the password, knowing
> the user email ?
>
One thing that should be highlighted to hosters is that if they have a
facility for users to change their ldap stored email address, they
should also update the subscribers table.
So to summarise, what I'm looking for is simply a way to use the ldap
directory for logins through wwsympa so that the users don't have to
maintain yet another username/password. The ldap queries are very useful
for building up internal lists for mailout (all people who have a
birthday today) but I'm happy to stick to the SQL database for public
lists which gets round the need for public subscribers needing to be
registered.
>
> There is no such feature in Sympa for selecting users from SQL and then
> get corresponding emails from LDAP. This is quite a marginal need; I
> suggest you adapt your information system to add user emails in your SQL tables.
> Did you try doing JOINs?
>
It kind of defeats the point of centralising the email address (as part
of a user's personal details) in one place (the ldap directory) but I
understand this probably isn't a common requirement.
-Ennui
--
Mark Cheverton aka [MORAT]Ennui http://morat.net/
Morat Games ICQ: 42123856
Free hosting for clans including discussion boards, email etc.
If you need hosting for your clan with all the gaming extras
see http://clans.morat.net/hosting.phtml
--+++ Less Lag More Frag +++--
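
What the "compare the md5 hash" option in the message above involves on the application side, as an added example (not Sympa's code and not posted by anyone in this thread). It assumes the directory returns userPassword in the RFC 2307 `{SCHEME}base64` form and goes beyond the plain MD5 case to cover the salted variants; every function name here is hypothetical.

```python
import base64
import hashlib
import hmac

# RFC 2307-style schemes: name -> (hashlib algorithm, digest length, salted?)
SCHEMES = {
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
}


def parse_user_password(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt); ValueError if malformed."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix (cleartext or unknown format)")
    scheme, _, b64 = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    _, dlen, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    # Salted values carry the salt after the digest; unsalted ones must not.
    if (salted and len(raw) <= dlen) or (not salted and len(raw) != dlen):
        raise ValueError("length does not match scheme")
    return scheme, raw[:dlen], raw[dlen:]


def verify(stored, candidate):
    """True if candidate hashes to the stored value; malformed input is a mismatch."""
    try:
        scheme, digest, salt = parse_user_password(stored)
    except ValueError:  # also covers base64 decoding errors
        return False
    h = hashlib.new(SCHEMES[scheme][0], candidate.encode("utf-8") + salt)
    return hmac.compare_digest(h.digest(), digest)  # constant-time comparison


def is_unsalted(stored):
    """Unsalted hashes are equal for equal passwords; flag them for migration."""
    return not SCHEMES[parse_user_password(stored)[0]][2]


def make_sample(scheme, password, salt=b""):
    """Build a constructed test value (not taken from any real directory)."""
    d = hashlib.new(SCHEMES[scheme][0], password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(d + salt).decode("ascii"))
```

Reading the attribute at all is what forces the privileged bind mentioned in the message; binding as the user leaves verification to the directory server and keeps the hash out of the application.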