Opencast LDAP


Gregor Eichelberger

Nov 10, 2022, 5:33:06 AM
to Opencast Users
Hi,

I changed parts of the LDAP user directory implementation to have feature parity (regarding role mapping) between using LDAP for authentication and authorization and using LDAP for authorization only.
At our institution, we are using LDAP only for authorization, so I could only test it together with Shibboleth for authentication.

Is there anyone who could test these PRs together with LDAP authentication? I would appreciate feedback, especially regarding the documentation.

Refactoring of the LDAP user directory enables you to use all mapping features of the user directory implementation for authorization only: https://github.com/opencast/opencast/pull/4383

Retrieve user attributes like name and mail from LDAP: https://github.com/opencast/opencast/pull/4440

Best regards
Gregor

Ruth Lang

Nov 11, 2022, 5:03:23 AM
to Opencast Users, gregor.ei...@tuwien.ac.at
Hi Gregor,

Here in Cologne we are interested in your modifications and want to test them. Unfortunately we haven't found the time to deal with the development branch yet. Is it easy to backport to version 12?

Best Regards
Ruth

Gregor Eichelberger

Nov 11, 2022, 5:08:33 AM
to Opencast Users, Ruth Lang, Gregor Eichelberger
Hi Ruth,

I developed the feature for 12 and cherry-picked it onto develop. It should be pretty easy to backport.

Best Regards
Gregor

Ruth Lang

Nov 16, 2022, 2:25:11 PM
to Opencast Users, gregor.ei...@tuwien.ac.at, Ruth Lang
Hi Gregor,

Your changes to the LDAP part finally do what I've wanted for a long time - namely, separating authentication and authorization. All LDAP attributes can now be used without any workarounds or code changes - either directly or with role mapping.
We will use it to replace our local LDAP adjustments. Good work, thank you!

Best Regards
Ruth