Open ericfranz opened 8 years ago
So to clarify, the question is: should a user be authorized prior to adding the mapping to the gridmap file? If so, is it the responsibility of the registration PHP script or the responsibility of the mapdn script to authorize the user?
FWIW a user's PUN cannot be started if their shell is disabled - we have a check for this.
Currently we mix authentication code (does the username/password combo successfully bind to LDAP) with authorization code (is the account of the user that authenticated an enabled account via LDAP attribute or shell).
find_ldap function here: https://github.com/OSC/ood_auth_registration/blob/4b60441e0a28d9164d64a0921c240adeb63aadf8/ldap.php#L67-L116
authn_strategies directory - so new ones can just be added.
Could have a super class with a factory method that instantiates the correct subclass. So:
Where $config is a string or a path to a file that is YAML or PHP:
Of course, this opens the question of where authorization should go.
(above is the Strategy pattern: https://en.wikipedia.org/wiki/Strategy_pattern and https://sourcemaking.com/design_patterns/strategy)
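
The split discussed in the post above, as an added PHP example that is not part of the original issue or of the ood_auth_registration code: authentication sits behind a strategy chosen by a factory from config, and authorization is a separate check that must also pass before any gridmap entry is written. Every class, function and config key here is hypothetical, the list of disabled shells is an assumption, and an array-backed strategy stands in for the LDAP bind so the example runs offline.

```php
<?php
// Added illustration; every class, key and account below is hypothetical.

interface AuthnStrategy {
    // Authentication only: do these credentials prove identity?
    public function authenticate(string $user, string $pass): bool;
}

// Stand-in for an LDAP bind strategy so the example runs offline.
final class ArrayAuthn implements AuthnStrategy {
    private array $hashes;
    public function __construct(array $hashes) { $this->hashes = $hashes; }
    public function authenticate(string $user, string $pass): bool {
        return isset($this->hashes[$user]) && password_verify($pass, $this->hashes[$user]);
    }
}

final class AuthnFactory {
    private const STRATEGIES = ['array' => ArrayAuthn::class];
    // Allowlist lookup: the config value never becomes a class name directly.
    public static function create(array $config): AuthnStrategy {
        $class = self::STRATEGIES[$config['strategy'] ?? ''] ?? null;
        if ($class === null) {
            throw new InvalidArgumentException('unknown authn strategy');
        }
        return new $class($config['options'] ?? []);
    }
}

// Authorization only: is the authenticated account allowed to be mapped?
// A missing account record defaults to a disabled shell, so it is denied.
function is_authorized(array $account): bool {
    $disabled = ['/sbin/nologin', '/bin/false']; // assumed "disabled" shells
    return !in_array($account['shell'] ?? '/sbin/nologin', $disabled, true);
}

// Returns true only when the caller may go on to write the gridmap entry.
function may_map(AuthnStrategy $authn, array $accounts, string $user, string $pass): bool {
    return $authn->authenticate($user, $pass) && is_authorized($accounts[$user] ?? []);
}

// Constructed sample data.
$accounts = ['alice' => ['shell' => '/bin/bash'], 'bob' => ['shell' => '/sbin/nologin']];
$authn = AuthnFactory::create(['strategy' => 'array', 'options' => [
    'alice' => password_hash('pw-a', PASSWORD_DEFAULT),
    'bob'   => password_hash('pw-b', PASSWORD_DEFAULT),
]]);
foreach ([['alice', 'pw-a'], ['bob', 'pw-b'], ['alice', 'wrong']] as [$u, $p]) {
    printf("%s: %s\n", $u, may_map($authn, $accounts, $u, $p) ? 'map' : 'deny');
}
```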