Joseph L. Casale wrote:
> I have been hunting for a while for a LAMP based CMS that offloads *all* user and
> cms group perms to an Active Directory site. I see midgard even has SSO Kerb based
> support (cool). Can it map all its group permissions to the AD site as well, so if
> I make an AD Security Group called Midgard-{Users,Publishers,Managers} etc, it would
> map AD users accordingly? The goal would be to not maintain any user/group config
> inside the cms except the initial associations for what AD group has what internal
> perms. Writing back to AD is not required.
> 

Basically you will need to make a script that will get the user and
group data from AD and update the Midgard objects accordingly, we
(www.nemein.com) have done something like this (only managing user
accounts, the group permissions are handled on Midgard end due to
various reasons) for a handful of customers (login is done using
Kerberos SSO).

The loginbroker Piotras refers to is heavily designed towards Shibboleth
and similar systems which provide all the necessary person and
affiliation(=membership) data to Apache environment, it then manages
accounts and memberships accordingly and creates a local Midgard login
session and passes on to the target site (when you have tens of subsites
and expect to have hundreds, managing proper SSL certificates,
IPs etc for all of them gets expensive real quick).


In your case I don't think the MidgardAuthTrustedCreateUser will help
you much, since you will have to handle the groups somehow based on AD data.

/Rambo
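The reply above describes a script that reads user and group data from AD and updates the local objects to match. As an added example (not part of the original thread, and not Nemein's or Midgard's code), this shows the reconciliation step of such a one-way sync: it maps the `Midgard-*` security groups from the question to local groups and plans the creates, membership changes and disables, including for accounts disabled or missing in AD. The local group names, the DN layout, the `make_entry` helper and all sample entries are constructed assumptions; no LDAP query or Midgard API call is made.

```python
# Added example: plan a one-way AD -> CMS sync. Names and data are constructed.
GROUP_MAP = {  # AD security group CN -> local CMS group (assumed local names)
    "Midgard-Users": "users",
    "Midgard-Publishers": "publishers",
    "Midgard-Managers": "managers",
}
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

def group_cn(dn):
    """'CN=Midgard-Users,OU=Groups,...' -> 'Midgard-Users' (None if not a CN)."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    return value if key.strip().upper() == "CN" else None

def desired_state(ad_entries):
    """Map each enabled AD user to the local groups the mapping grants."""
    desired = {}
    for e in ad_entries:
        if int(e["userAccountControl"]) & ACCOUNTDISABLE:
            continue  # disabled in AD: must end up with no local access
        # memberOf lists direct memberships only (no nested or primary group)
        cns = {group_cn(dn) for dn in e.get("memberOf", [])}
        groups = {GROUP_MAP[cn] for cn in cns if cn in GROUP_MAP}
        if groups:  # unmapped users get no local account at all
            desired[e["sAMAccountName"].lower()] = groups
    return desired

def plan_sync(ad_entries, local):
    """Return the ordered (action, user, group) steps that make local match AD."""
    desired, actions = desired_state(ad_entries), []
    for user in sorted(desired.keys() | local.keys()):
        want, have = desired.get(user, set()), local.get(user, set())
        if user not in local:
            actions.append(("create", user, None))
        actions += [("add", user, g) for g in sorted(want - have)]
        actions += [("remove", user, g) for g in sorted(have - want)]
        if user not in desired:
            actions.append(("disable", user, None))
    return actions

def make_entry(name, uac, *groups):  # build one constructed LDAP-style result
    return {"sAMAccountName": name, "userAccountControl": uac,
            "memberOf": [f"CN={g},OU=Groups,DC=example,DC=test" for g in groups]}
AD_SNAPSHOT = [make_entry("alice", "512", "Midgard-Publishers", "Midgard-Users"),
               make_entry("bob", "514", "Midgard-Managers"),  # 514 = 512 | disabled
               make_entry("Carol", "512", "Midgard-Users", "Domain Admins")]
LOCAL = {"alice": {"users", "managers"}, "bob": {"managers"}, "dave": {"users"}}
if __name__ == "__main__":
    for step in plan_sync(AD_SNAPSHOT, LOCAL):
        print(step)
```

Running the removals and disables on every sync, not only the additions, is what keeps a user who was dropped from an AD group or disabled in AD from retaining local rights.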