Opencast LDAP

[Gregor Eichelberger]

Hi,

I changed parts of the LDAP user directory implementation to have feature parity (regarding role mapping)  between using  LDAP for authentication and authorization and using LDAP for authorization only.
At our institution, we are using LDAP only for authorization, so I could only test it together with Shibboleth for authentication.

Is there anyone who could test these PRs together with LDAP authentication? I would appreciate feedback, especially regarding the documentation.

Refactoring of the LDAP user directory enables you to use all mapping features of the user directory implementation for authorization only: https://github.com/opencast/opencast/pull/4383

Retrieve user attributes like name and mail from LDAP: https://github.com/opencast/opencast/pull/4440

Best regards
Gregor

[Ruth Lang]

Hi Gregor,

here in Cologne we are interested in your modifications and want to test them. Unfortunately we haven't found  the time to deal with the development branch yet. Is it easy to  backport to version 12 ?

Best Regards

Ruth

[Gregor Eichelberger]

Hi Ruth,

I developed the feature for 12 and cherrypicked it onto develop. It should be pretty easy to backport.

Best Regards
Gregor

[Ruth Lang]

Hi Gregor,

Your changes to the LDAP part finally do what I've wanted for a long time - namely, separating authentication and authorization. All LDAP attributes can now be used without any workarounds or code changes  - either directly or with role mapping.

We will use it to replace our local LDAP adjustments.  Good work, thank you !

Best Regards

Ruth