Using CKAN with the Cosign SSO system and LDAP - ldap

I'm using CKAN with Apache and an SSO system called Cosign. Cosign works as an authenticator in Apache and ends up setting REMOTE_USER before the Python code fires up. What I'm trying to do is use LDAP user lookup based on that preset REMOTE_USER. Can I do that with the CKAN ldap plugin (http://extensions.ckan.org/extension/ldap/)? Any advice greatly appreciated - I'm a Python and CKAN novice.

The short answer is that ckanext-ldap doesn't do that. What it does is provide a custom login form (username and password) that authenticates the credentials via LDAP. It then creates a session for the corresponding CKAN user, creating a user account first if required. Having it do anything else would require customisation of the extension although there are a number of options documented in its readme that alter the behaviour in small ways.
Whether ckanext-ldap would be a suitable extension to build upon to achieve what you want depends on what you want to do, which isn't clear from your question.
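
The lookup the question describes, sketched as an added example (not part of the original posts, and not CKAN or ckanext-ldap code): it reads the server-set REMOTE_USER from the WSGI environ, ignores the client-controllable HTTP_REMOTE_USER header, and builds an escaped LDAP filter. The `uid` attribute, the username pattern, and the `search` hook standing in for a real LDAP client call are assumptions.

```python
import re

# Characters that must be escaped in an LDAP search filter value (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Assumed shape of an SSO login name; tighten it to match your directory.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value):
    """Escape a value for safe inclusion in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def sso_username(environ):
    """Return the user asserted by the web server, or None.

    Only the WSGI key REMOTE_USER is read. HTTP_REMOTE_USER is a
    client-supplied request header and is never trusted.
    """
    user = environ.get("REMOTE_USER")
    if not user or not _USERNAME_RE.fullmatch(user):
        return None
    return user


def lookup_user(environ, search, attr="uid"):
    """Look up the SSO user via search(filter) -> list of entry dicts.

    `search` is a hypothetical hook standing in for a real LDAP client.
    Returns the single matching entry, or None if absent or ambiguous.
    """
    user = sso_username(environ)
    if user is None:
        return None
    entries = search("({}={})".format(attr, escape_filter_value(user)))
    return entries[0] if len(entries) == 1 else None


# Constructed sample directory and a minimal stand-in for an LDAP search.
DIRECTORY = [{"uid": "jdoe", "mail": "jdoe@example.org", "cn": "J. Doe"}]


def fake_search(ldap_filter):
    return [e for e in DIRECTORY if ldap_filter == "(uid={})".format(e["uid"])]


if __name__ == "__main__":
    print(lookup_user({"REMOTE_USER": "jdoe"}, fake_search))
    print(lookup_user({"HTTP_REMOTE_USER": "jdoe"}, fake_search))
```

This only holds if Apache is the sole path to the application, so that nothing other than the Cosign module can populate REMOTE_USER.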

Related

Symfony 3.1: configuration of ldap component as service

I'm writing my first Symfony app and I need to authenticate users over LDAP/AD, but I ran out of documentation...
I found many solutions that use LdapClient, but it is tagged as deprecated. So I checked how to use the new Ldap class as recommended, but I did not find documentation for using it. The documentation of the Ldap component for the current version (3.1) still suggests using LdapClient! Hasn't it been updated yet?
I don't know how to do it: must we create an adapter to add an Ldap service? If so, how should we proceed?
Any help will be appreciated, thanks!
Check out this cookbook article for configuring LDAP authentication using the builtin Symfony component:
http://symfony.com/doc/current/cookbook/security/ldap.html
I also have a bundle I maintain that includes LDAP authentication that works well with AD called LdapToolsBundle. It has documentation on the main page for the app/config/config.yml entries needed to configure your domain for use in the bundle, and also some details on configuring authentication in app/config/security.yml here.
The bundle above provides an LDAP service called ldap_tools.ldap_manager that can be used to query/create/modify different types of AD objects.
Take a look at my blog:
https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/
This requires FOSUserBundle and FR3DLdapBundle, but I think if you go through all that documentation you should be able to get LDAP/AD integration with Symfony3 working.
EDIT #2
Below is a second easier solution:
https://alvinbunk.wordpress.com/2017/09/07/symfony-ldap-component-ad-authentication/

How to configure SSO and LDAP authentication in Maarch Courrier 1.5

I've installed a DMS called Maarch Courrier, an opensource alternative to SharePoint and Alfresco. I successfully configured my Active Directory to work with it.
But on the first connection, the software asks AD users to provide a new password to be used in Maarch. So, I'd like to set up Single Sign On with LDAP in the Maarch Courrier DMS. Following this tutorial: http://wiki.maarch.org/Socle_Technique_/_How_to_connect_a_SSO, I tried to configure it but failed. Can anyone help?
You need to configure the configuration file. You can find it in the ldap module.

Two authentication modes in Testlink

I've just installed Testlink and am trying to get familiar with it.
I've even managed to configure authentication using LDAP (Microsoft AD).
But strangely, as soon as I set LDAP as default authentication method, my local test users cannot log on anymore.
If I change back to DB authentication as default auth method, my LDAP users cannot log in anymore.
I've the following set in the configuration file:
$tlCfg->authentication['domain'] = array('DB','LDAP');
$tlCfg->authentication['method'] = 'LDAP';
It seems as if both authentication modes are enabled and LDAP is used as the default.
When editing the user settings of a user, I have a dropdown box named "Authentication method"
It has three entries. One is "Default", the other is "0" and the third is "1".
This led me to the assumption that I can select the type of authentication used for this account.
But strangely, regardless of which option I choose, the behavior is identical to what I mentioned above.
Is anyone experienced in Testlink?
Does anyone use two authentication modes in parallel with Testlink?
Did anyone see the same issue before? What did you do to solve this issue?
Thanks for your help in advance!
Best regards,
Tom
You can use TestLink DB authentication as well as LDAP authentication. You have to set this option when you create the user.
Dropdown box named "Authentication method" has three entries. One is "Default (LDAP)", the other is "DB" and the third is "LDAP". If you see different options then something is messed up with your TestLink installation. I'm using v1.9.14 on MySQL.

Authentication from multi source in Plone 4?

How can I authenticate users from multiple sources together? For example, local (ZODB or ldap), facebook and openid.
Do I need to write a new PAS plugin? Or can we achieve this with the existing products?
There's no need to do anything.
The authentication is already done from all sources at the same time. For example, if you configure the ldap plugin, Plone's local users can still log in.

JAAS Authentication to Windows Domain

Using a provided username, password, and domain name, how can I retrieve a boolean value indicating if a user has successfully authenticated with a primary domain controller? Authentication should be performed using the Kerberos protocol for windows domain controllers. Thanks in advance, Dan
There's a free implementation of a windows-only JAAS login module and of an SSO Negotiate (Kerberos/NTLM) authenticator: Waffle.
You need to either write your own or use third party Authentication Module for that. When I was doing this, there was nothing available from JDK, so I used this tool. Note that it's GPL, but you can learn from there. You will have to create conf. file describing your authentication module and feed it into your JVM with java.security.auth.login.config property (e.g. using -D, or either way). In case of Tagish it looks something like this:
NTLogin
{
com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain="domain";
};
Another thing you will need is to specify the Kerberos configuration file via the java.security.krb5.conf property. I don't have the details of this file handy, but you can easily find it on the net -- google about for krb5.conf. Settings in this file will have to match your Windows domain and other Windows-specific settings.
It's a bit tricky to configure, but for me it worked very well, pretty robust.