You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Mirko Signoretto <mi...@intesys.it> on 2014/06/16 13:08:52 UTC
[Proposal] Syncope LDAP Interface
Hello Syncopers!
I'm asking to this mailing list for a proposal about the implementation of an LDAP Syncope Interface. I think it could be an add-on (external web application like the console) or an included feature.
I have taken a look to this project: MyVD (http://myvd.sourceforge.net/) that can achieve this feature leveraging to the virtual directory concept (using an embedded apache ds)
I ask you:
- How many of you have this requirement in IDM projects ? Many SW can be configured with LDAP authentication, providing the change password feature and I need to maintaining password alignments
- Is there someone who has similar requirements ? Or know some alternatives ?
- Is there someone who knows the myvd project or similar ?
It's an "old" project and is not updated frequently, but I think that is good idea and it could be easy to develop a Syncope Insert.
I'm not a developer and I'm not be able to evaluate how good is the project, the code and the internal architecture.
Any suggestion is appreciated.
Regards, Mirko Signoretto
Links:
http://myvd.sourceforge.net/
http://myvd.sourceforge.net/configureprops.html
R: [Proposal] Syncope LDAP Interface
Posted by Mirko Signoretto <mi...@intesys.it>.
Hi
In general I'm proposing a read/write LDAP interface ahead Syncope. The real needing is to perfoms LDAP operations against Syncope.
It happens when the applications need to connect to an authoritative resource, via LDAP. Very often the requested feature is the password sync, so the user that change his password using a web application (like an intranet) obtains to propagate the password change (by Syncope) to all his resources. Or in other cases is easy performing users bulk actions using a simple add/replace ldif, without writing extra code.
Regards, Mirko Signoretto
-----Messaggio originale-----
Da: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Inviato: mercoledì 18 giugno 2014 10:06
A: dev@syncope.apache.org
Oggetto: Re: [Proposal] Syncope LDAP Interface
Le 17/06/2014 15:31, Francesco Chicchiriccò a écrit :
> Hi,
> generally speaking, you are proposing to provide Syncope with a
> (read-only) LDAP interface for users and roles, suitable for enhancing
> Syncope's integration capabilities.
>
> ATM the simpler way to achieve this is to configure a bundled ApacheDS
> instance that will be assigned to all users and roles.
Did you had a look at Fortress (http://www.openldap.org/fortress/) ?
Re: [Proposal] Syncope LDAP Interface
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 17/06/2014 15:31, Francesco Chicchiriccò a écrit :
> Hi,
> generally speaking, you are proposing to provide Syncope with a
> (read-only) LDAP interface for users and roles, suitable for enhancing
> Syncope's integration capabilities.
>
> ATM the simpler way to achieve this is to configure a bundled ApacheDS
> instance that will be assigned to all users and roles.
Did you had a look at Fortress (http://www.openldap.org/fortress/) ?
Re: [Proposal] Syncope LDAP Interface
Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi,
generally speaking, you are proposing to provide Syncope with a
(read-only) LDAP interface for users and roles, suitable for enhancing
Syncope's integration capabilities.
ATM the simpler way to achieve this is to configure a bundled ApacheDS
instance that will be assigned to all users and roles.
A better solution could be to implement an LDAP interface by re-using
some components from the Apache Directory project - I see this option
much more viable than relying upon a 3rd party, apparently not
maintained, project as myvd.
Having said that, I have never been personally in need of such a
feature: it would be a nice enhancement to Syncope, but it would require
a consistent effort.
Regards.
On 16/06/2014 17:44, Fabio Martelli wrote:
> Il 16/06/2014 13:08, Mirko Signoretto ha scritto:
>>
>> Hello Syncopers!
>>
>> I'm asking to this mailing list for a proposal about the
>> implementation of an LDAP Syncope Interface. I think it could be an
>> add-on (external web application like the console) or an included
>> feature.
>>
> Hi Mirko, I think it could be an interesting add-on.
> Guys, any other opinion about this topic?
>>
>> I have taken a look to this project: MyVD
>> (http://myvd.sourceforge.net/) that can achieve this feature
>> leveraging to the virtual directory concept (using an embedded apache
>> ds)
>>
> The adoption of MyVD sounds like a infrastructural workaround (the
> same could be done by installing an apacheDS + implementing an ad-hoc
> interceptor).
> I'd prefer to have a dedicated/embedded interface (maybe based on some
> ApacheDS components).
>>
>> I ask you:
>>
>> - How many of you have this requirement in IDM projects ? Many SW can
>> be configured with LDAP authentication, providing the change password
>> feature and I need to maintaining password alignments
>>
>> - Is there someone who has similar requirements ? Or know some
>> alternatives ?
>>
>> - Is there someone who knows the myvd project or similar ?
>>
> No experience (till now) from my side.
>>
>> It's an "old" project and is not updated frequently, but I think that
>> is good idea and it could be easy to develop a Syncope Insert.
>>
>> I'm not a developer and I'm not be able to evaluate how good is the
>> project, the code and the internal architecture.
>>
>> Any suggestion is appreciated.
>>
> As suggested above, in case of infrastructural solution, I'd prefer
> ApacheDS + ad-hoc interceptor.
>
> Waiting for other point of views ....
> Best regards,
> F.
>
>> Regards, Mirko Signoretto
>>
>> Links:
>>
>> http://myvd.sourceforge.net/
>>
>> http://myvd.sourceforge.net/configureprops.html
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: [Proposal] Syncope LDAP Interface
Posted by Fabio Martelli <fa...@gmail.com>.
Il 16/06/2014 13:08, Mirko Signoretto ha scritto:
>
> Hello Syncopers!
>
> I'm asking to this mailing list for a proposal about the
> implementation of an LDAP Syncope Interface. I think it could be an
> add-on (external web application like the console) or an included feature.
>
Hi Mirko, I think it could be an interesting add-on.
Guys, any other opinion about this topic?
>
> I have taken a look to this project: MyVD
> (http://myvd.sourceforge.net/) that can achieve this feature
> leveraging to the virtual directory concept (using an embedded apache ds)
>
The adoption of MyVD sounds like a infrastructural workaround (the same
could be done by installing an apacheDS + implementing an ad-hoc
interceptor).
I'd prefer to have a dedicated/embedded interface (maybe based on some
ApacheDS components).
>
> I ask you:
>
> - How many of you have this requirement in IDM projects ? Many SW can
> be configured with LDAP authentication, providing the change password
> feature and I need to maintaining password alignments
>
> - Is there someone who has similar requirements ? Or know some
> alternatives ?
>
> - Is there someone who knows the myvd project or similar ?
>
No experience (till now) from my side.
>
> It's an "old" project and is not updated frequently, but I think that
> is good idea and it could be easy to develop a Syncope Insert.
>
> I'm not a developer and I'm not be able to evaluate how good is the
> project, the code and the internal architecture.
>
> Any suggestion is appreciated.
>
As suggested above, in case of infrastructural solution, I'd prefer
ApacheDS + ad-hoc interceptor.
Waiting for other point of views ....
Best regards,
F.
> Regards, Mirko Signoretto
>
> Links:
>
> http://myvd.sourceforge.net/
>
> http://myvd.sourceforge.net/configureprops.html
>
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
Re: [Proposal] Syncope LDAP Interface
Posted by Fabio Martelli <fa...@gmail.com>.
Il 16/06/2014 13:08, Mirko Signoretto ha scritto:
>
> Hello Syncopers!
>
> I'm asking to this mailing list for a proposal about the
> implementation of an LDAP Syncope Interface. I think it could be an
> add-on (external web application like the console) or an included feature.
>
Hi Mirko, I think it could be an interesting add-on.
Guys, any other opinion about this topic?
>
> I have taken a look to this project: MyVD
> (http://myvd.sourceforge.net/) that can achieve this feature
> leveraging to the virtual directory concept (using an embedded apache ds)
>
The adoption of MyVD sounds like a infrastructural workaround (the same
could be done by installing an apacheDS + implementing an ad-hoc
interceptor).
I'd prefer to have a dedicated/embedded interface (maybe based on some
ApacheDS components).
>
> I ask you:
>
> - How many of you have this requirement in IDM projects ? Many SW can
> be configured with LDAP authentication, providing the change password
> feature and I need to maintaining password alignments
>
> - Is there someone who has similar requirements ? Or know some
> alternatives ?
>
> - Is there someone who knows the myvd project or similar ?
>
No experience (till now) from my side.
>
> It's an "old" project and is not updated frequently, but I think that
> is good idea and it could be easy to develop a Syncope Insert.
>
> I'm not a developer and I'm not be able to evaluate how good is the
> project, the code and the internal architecture.
>
> Any suggestion is appreciated.
>
As suggested above, in case of infrastructural solution, I'd prefer
ApacheDS + ad-hoc interceptor.
Waiting for other point of views ....
Best regards,
F.
> Regards, Mirko Signoretto
>
> Links:
>
> http://myvd.sourceforge.net/
>
> http://myvd.sourceforge.net/configureprops.html
>
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/