ep_ldapauth

[Andrew Grimberg]

Greetings folks,

I figured I would send out a note that I just pushed out a new authentication plugin: ep_ldapauth.

I had need of authenticating and authorizing users against an LDAP system and found that there wasn't a plugin already so wrote this. I'm not particularly happy with doing it all via HTTP Basic Auth right now but it at least works. Would love feedback, ideas, patches on how to improve it to not work via HTTP Basic Auth so folks can logout without having to close their browser.

The authorization component is just for authorizing into /admin pages at present.

-Andy-

[John McLear]

Awesome :)  Would check it out if I had an ldap server to test against, I know a few people such as Rob Helmer will find this interesting!

--
You received this message because you are subscribed to the Google Groups "Etherpad Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to etherpad-lite-...@googlegroups.com.
To post to this group, send email to etherpad...@googlegroups.com.
Visit this group at http://groups.google.com/group/etherpad-lite-dev?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Andrew Grimberg]

Just an update. I've pushed version 0.0.5 of this just a little bit ago.

Changes:

Now sets the user display name for pads to the CN of the user that is
authenticating

Fixed an authorize bug for users that had not logged in yet (no user
object stored in the session)

-Andy-

[azzer...@gmail.com]

Hi,

I'm new to Etherpad. I'm working in education, and I need to allow only some users to create pads (namely teachers) but still allow pupils to access to the newly created pad without authentication (teachers would give them the pad address). Is it feasible ?

Thanks in advance for your answer, best regards,

Al

[Andrew Grimberg]

There was a recent patch added to the source repository that adds in the
ability to enable public (anonymous) read-only pads with the ep_ldapauth
module. I haven't pushed a new npm package of it since the update
though.

If you want to run the latest code directly just checkout from github
into your node_modules directory:

git clone https://github.com/tykeal/ep_ldapauth.git

That would allow you to do what you're after, but only if the students
don't have accounts or don't match the user filters in the
configuration.

At present the groupSearch filter is filtering to find out who is an
admin or not. It doesn't filter who has access based upon group
membership.

-Andy-

On Sat, 2013-09-28 at 12:37 -0700, azzer...@gmail.com wrote:
> Hi,
>
> I'm new to Etherpad. I'm working in education, and I need to allow only
> some users to create pads (namely teachers) but still allow pupils to

> access to the newly created pad *without* authentication (teachers would

[azzer...@gmail.com]

Thanks a lot for an answer that fast !

I'm afraid read-only pads won't be sufficient. My goal is to give creation rights only to authorized adults, and allow children to write in pads created for them by teachers. We cannot allow any child to create a pad and distribute its address to its classmates : imagine they use that pad to offend another pupil (we ever had facebook bashing cases) ! Nor I can allow everyone to create a pad on the servers of my institution : we would risk legal proceedings we cannot afford...

Do you think it's possible ? I have everything to learn about Etherpad, since I only installed, more or less configured and used it from the past hour. You will certainly laugh, but a couple of hours before, I was just thinking that I could simply put an LDAP auth banner with Apache to prevent unauhtorized access to the "create pad" page ;-) ! But it was before...

Best regards,

Al

[Marcel Klehr]

Hey,

you could set "requireSession" to true in the settings, so only group pads can be accessed. Group pads can only be created by someone with API access. If you can authenticate your users somehow, so they can be recognized as group members -- that should do the trick.

[azzer...@gmail.com]

Hi,

I'm afraid I was not precise enough. Let me try to explain my complete needs / dreams ;-) :

• I need to offer Etherpad « alone » to authorized folks only. Typically, teachers - whose credentials are stored in a main OpenLDAP -  should create pads after passing through an auth banner. Then they can distribute the pad address to other (and potentially un-authenticated) users ;
  
• I simultaneously need to offer Etherpad through Moodle. I have many Moodles... and teachers are stored in them too (but theses Moodles are connected to many others smaller OpenLDAPs - dumb ? yeah, I know - but I plead not guilty, your honor ;-) !) And guess what ? There's a plugin that makes Etherpad available in Moodle. Nice ! The best : it works - but I hoped that teachers in Moodle will be allowed to create pads, and students will be able to use them - with group pads I mean. Actually it does not seem to work this way : teachers are not allowed to create a pad and my I hope is gone so far.

So it seems I need to talk with the guy who developped Moodle plugin for Etherpad...

Anyway, many thanks for you help.

Best regards,

Al

[John McLear]

That'd be me and goldquest:

https://github.com/moodlehu/moodle-mod_etherpadlite/blob/master/etherpad-lite-client.php

but mostly goldquest:

https://github.com/goldquest

--
You received this message because you are subscribed to the Google Groups "Etherpad Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to etherpad-lite-...@googlegroups.com.
To post to this group, send email to etherpad...@googlegroups.com.

Visit this group at http://groups.google.com/group/etherpad-lite-dev.