Hi Todd,
Todd Nine wrote:
> Hi all,
> My friend and I are starting a small business, and I would like to
> set up Apache Directory Server as a great alternative to Active
> Directory. My experience is mostly with AD, and I have a bit of
> experience with OpenLDAP. We have already set up Google Hosted
> services, and I'd like to create a plug-in to DS to use Google's SAML
> web service. Is it possible to create a custom plugin, similar to the
> one here
> http://cwiki.apache.org/confluence/display/DIRxSRVx11/Implementing+an+alternative+Backend.
> The behavior I would want is the following.
> 1. Try to authenticate locally
> 2. If the user doesn't exist, or the password fails, try to log in
> with the SAML service
> 3. If the SAML service authenticates, synchronize the user name and
> password.
> We're only going to have one root DN. Is it possible to do this, or
> is there no way to chain the authentication schemes together?

Well, this is very interesting. This is definitely something you might
do, but maybe by adding a simple interceptor instead of implementing
another backend.
The interceptors are very much like Tomcat's filters: you can route a
request to a distant authentication system, or in case the local
authentication fails, just try to authenticate using some SAML service.
This is something we have to dig into... I'm afraid that I may lack some time
in the next few days to give you more information, but this is a first
step.
Alex, any insight?
In any case, just poll us if we are not responsive...
Thanks!
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
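
The three-step flow from the quoted question (local check, remote fallback, synchronize on remote success), as an added example that is not part of the original thread and is not ApacheDS or Google code. Every name in it (ChainedBind, RemoteVerifier, bind) is hypothetical, the remote service is a stand-in lambda, and storing the synchronized password as a salted PBKDF2 hash is an assumption of this sketch:

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added illustration; all names are hypothetical, none is an ApacheDS or Google API. */
public class ChainedBind {
    /** Stand-in for the remote check (step 2); a real one would call the external service. */
    interface RemoteVerifier { boolean verify(String user, char[] password); }

    // Local store: user -> {salt, PBKDF2 hash}. The password itself is never kept.
    private final Map<String, byte[][]> local = new HashMap<>();
    private final RemoteVerifier remote;
    private final SecureRandom rng = new SecureRandom();

    ChainedBind(RemoteVerifier remote) { this.remote = remote; }

    private static byte[] hash(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    /** Returns "local", "remote" or "denied" so the caller can log which path decided the bind. */
    String bind(String user, char[] pw) throws Exception {
        byte[][] rec = local.get(user);
        // Step 1: local check, constant-time comparison of the derived hashes.
        if (rec != null && MessageDigest.isEqual(rec[1], hash(pw, rec[0]))) return "local";
        // Step 2: unknown user or wrong password, so ask the remote service.
        if (!remote.verify(user, pw)) return "denied";
        // Step 3: remote accepted; synchronize by storing a fresh salt and hash locally.
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        local.put(user, new byte[][] { salt, hash(pw, salt) });
        return "remote";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample account; the lambda plays the remote service.
        ChainedBind chain = new ChainedBind((u, p) -> u.equals("todd") && new String(p).equals("s3cret"));
        System.out.println(chain.bind("todd", "s3cret".toCharArray())); // first bind for this user
        System.out.println(chain.bind("todd", "s3cret".toCharArray())); // repeat bind, same password
        System.out.println(chain.bind("todd", "wrong".toCharArray()));  // wrong password
    }
}
```

With this ordering, a password changed at the remote service keeps working locally until a bind with the new password replaces the stored hash, so a deployment of this flow needs its own expiry or revocation for synchronized entries.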