LDAP Authentication

This forum covers ideas and discussions on future phpLogCon versions. Most importantly, all discussions on the upcoming version 2 should go here.

Google Ads


LDAP Authentication

Postby bauler » Tue Nov 24, 2009 4:50 pm

Hi all,

i´m curious if there will be LDAP or any other kind of external authentication
mechanism in the near future. If yes, when?
Thank you in advance

Regards,

Stefan
bauler
New
 
Posts: 2
Joined: Tue Nov 24, 2009 4:47 pm

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Re: LDAP Authentication

Postby MrManor » Tue Jun 15, 2010 8:14 pm

I would like to support this request to. And I guess we have a half promise in http://kb.monitorware.com/ldap-support-t10060.html#p18688

The native apache login system could be used and I think only relatively few changes would be required to the application. If the PHP equivalent of the CGI variable REMOTE_USER/AUTH_USER id used in place of the login page - then suddenly a lot different sources for authentication would be supported.
MrManor
New
 
Posts: 3
Joined: Tue Jun 15, 2010 7:49 pm

Re: LDAP Authentication

Postby pkienthusiast » Tue Sep 27, 2011 3:26 pm

Have a look at http://pkienthusiast.wordpress.com/2011 ... example-2/ - you can implement your own ldap authentication :)

Thilo
pkienthusiast
Avarage
 
Posts: 10
Joined: Tue Sep 27, 2011 11:52 am

Re: LDAP Authentication

Postby svenx » Wed Jan 11, 2012 5:31 pm

Yeah, I agree getting basic HTTP authentication in place is a good idea. Then Apache will handle the authentication with whatever modules it has available, including cool stuff like single sign-on Kerberos, etc. Reinventing this in web applications is usually a bad idea (and is easy to do poorly and/or in an inflexible way).

But! I would say it's more interesting to get granular LDAP authorization in place, meaning control over who can access what in the web interface. This would typically be implemented in the application itself, i.e. it will trust the web server's authentication, and then use the information the web server provides it (pretty much only the username in the case of Apache's mod_authnz_ldap) to query additional information (typically group membership) from an LDAP server, and then determine what the user is allowed to access.

When implementing this, it's essential that the configuration is flexible enough to allow any sort of group lookup (not only of type posixGroup, for example, but also groupOfNames, OU, etc) so that admins are free to adapt it to their LDAP-based system, be it OpenLDAP, Active Directory, eDirectory, or anything else.

The application would typically maintain the mappings of which LDAP group has access to which resource. The granularity of this is up to the implementor, but the basic approach would for example be to do something like Graylog2, where you have grant access to "streams". Streams are saved searches that can include anything like hostnames, regexes, etc.

If this is implemented, it's a good idea to check out SAML authentication and authorization for single sign-on as well. The SimpleSAML implementation does actually expose group membership to the web application, so implementing support for it would be trivial.
svenx
New
 
Posts: 3
Joined: Wed Jan 11, 2012 4:34 pm

Re: LDAP Authentication

Postby prune » Mon Jan 23, 2012 5:11 pm

Hi,

I made some code change to support LDAP Auth.
Read article on my blog : http://www.lecentre.net/blog
prune
Avarage
 
Posts: 13
Joined: Mon Jan 23, 2012 5:09 pm

Re: LDAP Authentication

Postby bobby320 » Wed Feb 29, 2012 4:50 pm

Hello,

can someone please provide the steps to integrating authentication to web interface for log analyzer, and in my current environment we don't have LDAP setup, we use local credentials[/etc/passwd file] to login to box - is their simple steps that update configuration and integrate authentication.

or if HTTP authentication is simple and a good idea, can someone please provide the procedure.

and the current version I installed is 3.0.0 of log analyzer,

Thanks,
Kartheek.
bobby320
New
 
Posts: 3
Joined: Mon Feb 27, 2012 9:31 pm

Re: LDAP Authentication

Postby alorbach » Wed Feb 29, 2012 4:54 pm

I am currently adding the LDAP implementation to the main Loganalyzer code. So if you wait for the next beta release of Loganalyzer, you will have LDAP support ready for testing.

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: LDAP Authentication

Postby bobby320 » Wed Feb 29, 2012 5:06 pm

lorbach, Thanks for your reply.

I think I may have confused you,

I my environment we don't have LDAP setup,

we use local files[/etc/passwd] to login to host, is their a way to integrate login credentials using local files on the server or if HTTP authentication is simple and a good idea, can you please provide the steps.

Thanks again,
bobby320
New
 
Posts: 3
Joined: Mon Feb 27, 2012 9:31 pm

Google Ads



Return to Future Versions

Who is online

Users browsing this forum: No registered users and 0 guests

cron