Hello,
My first excursion into Naviserver module development is nsauthn:
https://github.com/jorge-leon/nsauthn
The module builds on the new `ns_register_auth` function and implements
a minimum of the ideas discussed about a month ago, namely Basic HTTP
Authentication against passwd files and against LDAP/AD.
The repository contains a README.md file with hopefully sufficient
detail to get started. Most likely I will set up a documented demo on
https://naviserver.magma-soft.at in the near future.
I ran into some issues I could not overcome yet.

Passing on Information to the request handler:
I tried to use the [ns_conn auth] ns_set from within the registered
callback to pass on information to the rest of the request processing
chain. This did not work out, I received: Warning: authorize script
error: no connection
Is there some other way to get to ns_conn at that place, or to pass on
information for later consumption?

nsldap Issues
I'm inclined to do some maintenance of the nsldap module, just for the
record:
* Deprecation warnings during build.
* The pre-processor macro LDAPV3 has to be defined manually when
  building in order to work with current LDAP server versions.
* Ns_ModuleInit() returns extraneously when scheduling a background
  procedure: I worked around by setting maxidle to 0 in the pool
  configuration.
* The ns_ldap search documentation mentions that attributes to be
  extracted can be specified after the filter.
    o This is not consistently documented.
    o If using an empty filter *and* an attribute to extract, an
      assertion is triggered and nsd exits.
* Thorough documentation of all configuration options is missing.
* Current LDAP client library implementations encourage the use of
  LDAP URIs instead of host, port and schema. This would be a useful
  enhancement.

Controlled Creation of the auth Chain
Initially I had the idea of separating authentication and authorization
and have the admin of the server decide how and in which order to run
respective "filters". The current implementation does not give exact
control over the order of registration of auth callbacks. I'll have to
learn more on the details of Naviserver configuration.

Global Initialization of a Tcl Module
The nsauthn module implements caching of credentials from passwd files.
For this I wanted to use a global initialization procedure, run before
any server is initialized. Alas I did not find if this is even possible.
Any info on this is appreciated.
- - -
Best Regards,
Georg