00514: AuthUser LPDAP, SSO improvement
Description: Hi, using LDAP to authenticate users brings the possibility to work with user data
- Userid
- Firstname
- Name
- Nickname
- ...
- Credentials
It would be nice to add almost reserved variable names for Firstname, Name, Nickname in addition to AuthorId
Also, it would be nice to have the capability to link the view modes and authorizations to credentials existing in the LDAP or SSO directory
It would certainly be possible for us to store the authenticated LDAP record in a variable somewhere; the wiki administrator could then use the values as desired.
I think the only thing to do is to define reserved variables names --Isidor
What sorts of credentials are you wanting to use for authorization? (I'm presuming that again it wouldn't be difficult for an admin to set up authorizations and view modes if the LDAP or SSO entry is immediately available.)
In my current alumni project, I've got 17000 users in almost 200 Chapters, today we've setup 40 wikis in a farm and we're dealing with basic authentications process, You're authenticated you could edit the wiki.
For a few projects we have more security ans we define per group or page an list of authorized users (read/write/upload/admin) this could work for 5 peoples. It's more difficult when the group goes to 20, 50 or 150 users which is the average size of our Chapters.
But, in each wiki it will be possible after someone is authenticated from SSO to define credential from one or two LDAP/SSO entries, for example:
* each member from Chapter 24 would have en entry like 'xxx.ch24' members from Chapter 25 would have an 'yyy.ch25' users from both chapters will have 'xxx.ch24/yyy.ch25'. So with an regexp on this entry we could define the right credential for read/write --Isidor
--Pm
This issue has gone long unanswered; I'm abandoning it for now -- open as a new issue (and refer to this one) if it's still needed.
--Pm