On Tue, Feb 3, 2009 at 6:08 AM, David Koelmeyer <[email protected]> wrote:
> After a long time trying to get this to work, I've determined that I can use LDAP
> for authorization only if there is a preexisting account created with the Roller admin
> GUI. This is counter to what I was expecting I guess, in that I assumed an LDAP
> authorised user would be let in, dynamically creating a Roller account using info
> from the user's LDAP attributes in the process.
>
> So; if I use the Roller Admin interface to create a user "davekoelmeyer", and create
> the same account in LDAP (uid=davekoelmeyer,ou=People,dc=example,dc=com),
> then the LDAP credentials override whatever I had set when the account was
> created in Roller - works. Without an existing Roller account however, I
> can't log in at all.
>
> Would someone be able to confirm if this is by design or am I missing a step
> somewhere? :)
LDAP just stores the user credentials and attributes, you also need an SSO system to maintain login state. It's been a while since I tried this but, assuming you have an SSO system, this is how things should work:

1 - User arrives at Roller and attempts to login or access a protected resource
2 - User directed to SSO system to login
3 - User returns to Roller, Roller recognizes that he is logged in already
4 - Roller asks user to register, pre-populates the form with LDAP data and does not ask for password
5 - After user registers, things should work as expected

Hope that helps...

- Dave
