You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@roller.apache.org by Steve McCain <s....@Bradford.ac.uk> on 2008/05/14 16:47:11 UTC
authenticating w.bloggar user
I have ldap authentication working for users logging on directly from
the roller login page
but accessing blogs from w.bloggar via /roller/roller-services/xmlrpc
still needs the user's
database user/password combination.
How can I configure xmlrpc access to use ldap authentication?
thanks
Steve
Re: authenticating w.bloggar user
Posted by Dave <sn...@gmail.com>.
On Wed, May 14, 2008 at 10:47 AM, Steve McCain <s....@bradford.ac.uk> wrote:
> I have ldap authentication working for users logging on directly from the
> roller login page
> but accessing blogs from w.bloggar via /roller/roller-services/xmlrpc still
> needs the user's
> database user/password combination.
> How can I configure xmlrpc access to use ldap authentication?
I think you've hit a limitation of Roller. For web services, Roller
checks the password sent by the client against the password stored in
the database. If you are authenticating against LDAP, that will not
work for you. I just filed an ISSUE for this:
https://issues.apache.org/roller/browse/ROL-1718
- Dave
Re: authenticating w.bloggar user
Posted by Phillip Rhodes <mi...@cpphacker.co.uk>.
Steve McCain wrote:
> Philip,
>
> Thanks for the comments. Sorry I should have mentioned that I'm using
> Roller 4.0
>
> I'm hoping there is a simple setting somewhere to use ldap
> authentication for xmlrpc
> clients.
I'm not aware of anything like that. AFAIK, the whole point of the
new UserManager work was exactly to enable externalizing that aspect
of authentication. I suppose that in the future Roller might ship
with different UM implementations are are pre-geared for different
scenarios, then it could be a simple setting to toggle which
implementation is used at runtime. But as far as I know at the moment
(and Dave or somebody correct me if I'm wrong, please) the only way
to do it now would be to write a custom UserManager and rebuild
Roller from source with your UM wired in.
TTYL,
--
Phillip Rhodes
Chief Architect - OpenQabal
https://openqabal.dev.java.net
LinkedIn: http://www.linkedin.com/in/philliprhodes
Re: authenticating w.bloggar user
Posted by Steve McCain <s....@Bradford.ac.uk>.
Philip,
Thanks for the comments. Sorry I should have mentioned that I'm using
Roller 4.0
I'm hoping there is a simple setting somewhere to use ldap
authentication for xmlrpc
clients.
Steve
Phillip Rhodes wrote:
> Steve McCain wrote:
>> I have ldap authentication working for users logging on directly from
>> the roller login page
>> but accessing blogs from w.bloggar via /roller/roller-services/xmlrpc
>> still needs the user's
>> database user/password combination.
>> How can I configure xmlrpc access to use ldap authentication?
>
> What version of Roller are you using? The newest code (not even sure
> if this is in a shipping version or not) has the authentication
> abstracted out using the UserManager interface, so you can implement
> a custom UserManager and wire it in, in order to authenticate against
> an external source at the API level.
>
> I just went through the exercise of writing a custom UserManager like
> this, as part of the initiative to integrate Roller with OpenQabal...
> I was planning to write up a blog post explaining the whole thing, in all
> it's gory details. I'll try to make it a point to get that up soon in
> case it will be of benefit here.
>
>
> TTYL,
>
>
Re: authenticating w.bloggar user
Posted by Phillip Rhodes <mi...@cpphacker.co.uk>.
Steve McCain wrote:
> I have ldap authentication working for users logging on directly from
> the roller login page
> but accessing blogs from w.bloggar via /roller/roller-services/xmlrpc
> still needs the user's
> database user/password combination.
> How can I configure xmlrpc access to use ldap authentication?
What version of Roller are you using? The newest code (not even sure
if this is in a shipping version or not) has the authentication
abstracted out using the UserManager interface, so you can implement
a custom UserManager and wire it in, in order to authenticate against
an external source at the API level.
I just went through the exercise of writing a custom UserManager like
this, as part of the initiative to integrate Roller with OpenQabal... I
was planning to write up a blog post explaining the whole thing, in all
it's gory details. I'll try to make it a point to get that up soon in
case it will be of benefit here.
TTYL,
--
Phillip Rhodes
Chief Architect - OpenQabal
https://openqabal.dev.java.net
LinkedIn: http://www.linkedin.com/in/philliprhodes