> On Tue, Feb 3, 2009 at 6:08 AM, David Koelmeyer
> > So; if I use the Roller Admin interface to create a user "davekoelmeyer", and
> > create the same account in LDAP (uid=davekoelmeyer,ou=People,dc=example,dc=com),
> > then the LDAP credentials override whatever I had set when the account was
> > created in Roller - works. Without an existing Roller account however, I
> > can't log in at all.
> From: Dave
>
> LDAP just stores the user credentials and attributes, you also need an
> SSO system to maintain login state. It's been a while since I tried
> this but, assuming you have an SSO system, this is how things should
> work:
>
> 1 - User arrives at Roller and attempts to login or access a protected
> resource
> 2 - User directed to SSO system to login
> 3 - User returns to Roller, Roller recognizes that he is logged in already
> 4 - Roller asks user to register, pre-populates the form with LDAP
> data and does not ask for password
> 5 - After user registers, things should work as expected

Hi Dave,

Thanks - that makes things clearer. I guess if I'm not wanting to use an SSO service at this stage then having Roller behave in the way I've described above should be safe enough.

I have a question about the line in this blog I followed at:
http://blogs.sun.com/treydrake/entry/opends_roller_integration

"Note: the user must belong to a LDAP group named "register""

I now want to have a crack at using our enterprise LDAP with Roller; it's split into dozens of administrative domains (tens of thousands of user accounts), and due to this I am not permitted to create an LDAP group for Roller users with cn=register (only, say, cn=roller-users.eng).

Do you have any pointers on how I can configure Roller so that I can customise the LDAP group Roller users belong to?

Sorry for these questions - I'm having to learn things from absolute scratch as I go.

Thanks :)

Dave
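The group-name question above comes down to how the LDAP authentication provider turns group membership into a role name. The fragment below is an added example written for this page; it is not Roller's shipped security.xml and not from the blog post, and it assumes Roller is wired to the Acegi 1.0 LDAP provider that the 2008-era integration used. The host, the base DNs, the service-account DN, the bean ids and the group cn are all assumptions. What it shows is that the group search base, the membership filter and the role naming are ordinary bean properties, so the role that a Roller user ends up with can be spelled after a group you are actually allowed to create:

```xml
<!-- Added example, not Roller's own configuration. Acegi 1.0 LDAP provider whose
     group lookup is scoped to one administrative domain's group subtree.
     Host, DNs, bean ids and the group name are assumptions for illustration. -->
<bean id="initialDirContextFactory"
      class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <!-- Prefer ldaps:// in production; a cleartext bind exposes the service password and user passwords. -->
  <constructor-arg value="ldap://ldap.example.com:389/dc=example,dc=com"/>
  <!-- Read-only service account for the group search; enterprise directories rarely allow anonymous search. -->
  <property name="managerDn" value="cn=roller-svc,ou=Services,dc=example,dc=com"/>
  <property name="managerPassword" value="change-me"/>
</bean>

<bean id="ldapAuthoritiesPopulator"
      class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
  <constructor-arg ref="initialDirContextFactory"/>
  <!-- Group search base: only the subtree your own domain administers (assumed ou=eng). -->
  <constructor-arg value="ou=Groups,ou=eng,dc=example,dc=com"/>
  <!-- {0} is substituted with the authenticated user's full DN.
       Use uniqueMember for groupOfUniqueNames entries, member for groupOfNames. -->
  <property name="groupSearchFilter" value="(uniqueMember={0})"/>
  <property name="groupRoleAttribute" value="cn"/>
  <!-- No ROLE_ prefix and no upper-casing: the granted authority is the group cn verbatim,
       so membership of cn=roller-users.eng yields the authority "roller-users.eng". -->
  <property name="rolePrefix" value=""/>
  <property name="convertToUpperCase" value="false"/>
  <property name="searchSubtree" value="true"/>
</bean>

<bean id="ldapAuthProvider"
      class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="initialDirContextFactory"/>
      <!-- The user binds with their own DN; the uid pattern matches the entry shown earlier in the thread. -->
      <property name="userDnPatterns">
        <list><value>uid={0},ou=People,dc=example,dc=com</value></list>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg ref="ldapAuthoritiesPopulator"/>
</bean>
```

With this mapping the role a user receives is literally the group's cn, so whichever role name the rest of the security configuration requires for registration has to be spelled the same as the group you are permitted to create (here "roller-users.eng" rather than "register"). This thread does not settle where Roller checks the "register" role that the blog post mentions, so confirm that in the deployed security.xml before relying on the rename, and keep the service account read-only: it only needs to search the group subtree, never to write to the directory.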
