[Tiki-devel] LDAP synchronization attributes

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Tiki-devel] LDAP synchronization attributes

Jean-Marc Libs
Hi devs,

In our LDAP login configuration, we have currently 3 fields for synchronizing 3 Tiki user attributes with the LDAP values.
This works fine: when the attribute is changed in the LDAP, it is changed for the user at the next login.
The attributes are the following:
* Realname attribute
* Country attribute
* Email attribute

Is there need for more? Does anyone using LDAP authentication regret not having one or two more?

These are all available in various existing standard LDAP, but maybe there are needs for more.


I am evaluating creating a "tiki" objectClass for the openLDAP which is coming with wikisuite, which would give 2 main benefits:
* Have the Tiki-related fields in the "add user" feature of the wikisuite LDAP, so they can be changed in the user directory instead of Tiki and synchronized with Tiki.
* Not interfere with existing fields, like the wikisuite mail LDAP attribute which is an internal wikisuite-managed email and not the "whatever email you already use on the internet" which would help "I forgot my password" function.

Since LDAP schemas are not very flexible, I'd like to get a list of everything we need first, then look up the objectClass creation.

Please answer either here or there: https://doc.tiki.org/LDAP%2Battributes%2Bsynchronization



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Tiki-devel] LDAP synchronization attributes

Cloutier, Philippe (DGARI-Consultant)
Thanks for asking Jean-Marc,
The problem of my employer is that the LDAP's realname attribute is not in the usual format "Firstname Lastname" (but rather "Lastname, Firstname"). So synchronization of first name and last name independently could help us, but since these don't exist independently in Tiki user properties, not really, I don't see what more could help currently.

>De : Jean-Marc Libs [mailto:[hidden email]]
>Envoyé : 22 juillet 2017 12:45
>À : Tikiwiki developers <[hidden email]>
>Objet : [Tiki-devel] LDAP synchronization attributes
>
>Hi devs,
>In our LDAP login configuration, we have currently 3 fields for synchronizing 3 Tiki user attributes with the LDAP values.
>This works fine: when the attribute is changed in the LDAP, it is changed for the user at the next login.
>The attributes are the following:
>* Realname attribute
>* Country attribute
>* Email attribute
>Is there need for more? Does anyone using LDAP authentication regret not having one or two more?
>
>These are all available in various existing standard LDAP, but maybe there are needs for more.
>
>I am evaluating creating a "tiki" objectClass for the openLDAP which is coming with wikisuite, which would give 2 main benefits:
>* Have the Tiki-related fields in the "add user" feature of the wikisuite LDAP, so they can be changed in the user directory instead of Tiki and synchronized with Tiki.
>* Not interfere with existing fields, like the wikisuite mail LDAP attribute which is an internal wikisuite-managed email and not the "whatever email you already use on the internet" which would help "I forgot my password" function.
>Since LDAP schemas are not very flexible, I'd like to get a list of everything we need first, then look up the objectClass creation.
>Please answer either here or there: https://doc.tiki.org/LDAP%2Battributes%2Bsynchronization
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Tiki-devel] LDAP synchronization attributes

luciash d' being
Hi,

there is preference to sync First name and Last name field of a User
Tracker to the realName preference field so you could do with that:

https://doc.tiki.org/User-Tracker#To_synchronize_the_realName_user_preference_from_fields_in_the_tracker

For example you could enter there: 11+10

The problem might be with the comma though as it is used as a delimiter
for the “User tracker IDs to sync prefs from:” preferred fields.

luci


On 24.7.2017 19:36, Cloutier, Philippe (DGARI-Consultant) wrote:

> Thanks for asking Jean-Marc,
> The problem of my employer is that the LDAP's realname attribute is not in the usual format "Firstname Lastname" (but rather "Lastname, Firstname"). So synchronization of first name and last name independently could help us, but since these don't exist independently in Tiki user properties, not really, I don't see what more could help currently.
>
>> De : Jean-Marc Libs [mailto:[hidden email]]
>> Envoyé : 22 juillet 2017 12:45
>> À : Tikiwiki developers <[hidden email]>
>> Objet : [Tiki-devel] LDAP synchronization attributes
>>
>> Hi devs,
>> In our LDAP login configuration, we have currently 3 fields for synchronizing 3 Tiki user attributes with the LDAP values.
>> This works fine: when the attribute is changed in the LDAP, it is changed for the user at the next login.
>> The attributes are the following:
>> * Realname attribute
>> * Country attribute
>> * Email attribute
>> Is there need for more? Does anyone using LDAP authentication regret not having one or two more?
>>
>> These are all available in various existing standard LDAP, but maybe there are needs for more.
>>
>> I am evaluating creating a "tiki" objectClass for the openLDAP which is coming with wikisuite, which would give 2 main benefits:
>> * Have the Tiki-related fields in the "add user" feature of the wikisuite LDAP, so they can be changed in the user directory instead of Tiki and synchronized with Tiki.
>> * Not interfere with existing fields, like the wikisuite mail LDAP attribute which is an internal wikisuite-managed email and not the "whatever email you already use on the internet" which would help "I forgot my password" function.
>> Since LDAP schemas are not very flexible, I'd like to get a list of everything we need first, then look up the objectClass creation.
>> Please answer either here or there: https://doc.tiki.org/LDAP%2Battributes%2Bsynchronization
>>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> TikiWiki-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Tiki-devel] LDAP synchronization attributes

Torsten Fabricius-4
In reply to this post by Jean-Marc Libs
Hello Jean-Marc,

Soon or midterm I need LDAP authentication for two organisations (NPOs).

I think, we will likely need more fields or find them handy to have if possible.
Sadly I am not experienced in LDAP and the relevant collegues who are the guys keen to centralise login and get real SSO into place do not have time (or resist to priorise) to setup a concept with me. Maybe we can have a talk about the use case and the see, if more fields would be necessary or helpful or unnecessary?

Regards,
Torsten

On 22.07.2017 18:45, Jean-Marc Libs wrote:
Hi devs,

In our LDAP login configuration, we have currently 3 fields for synchronizing 3 Tiki user attributes with the LDAP values.
This works fine: when the attribute is changed in the LDAP, it is changed for the user at the next login.
The attributes are the following:
* Realname attribute
* Country attribute
* Email attribute

Is there need for more? Does anyone using LDAP authentication regret not having one or two more?

These are all available in various existing standard LDAP, but maybe there are needs for more.


I am evaluating creating a "tiki" objectClass for the openLDAP which is coming with wikisuite, which would give 2 main benefits:
* Have the Tiki-related fields in the "add user" feature of the wikisuite LDAP, so they can be changed in the user directory instead of Tiki and synchronized with Tiki.
* Not interfere with existing fields, like the wikisuite mail LDAP attribute which is an internal wikisuite-managed email and not the "whatever email you already use on the internet" which would help "I forgot my password" function.

Since LDAP schemas are not very flexible, I'd like to get a list of everything we need first, then look up the objectClass creation.

Please answer either here or there: https://doc.tiki.org/LDAP%2Battributes%2Bsynchronization




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Loading...