leginon-org / leginon-redmine-archive


Add LDAP authentication middleware #5208

Open leginonbot opened 3 months ago

leginonbot commented 3 months ago

Author Name: Carl Negro (@carl9384)
Original Redmine Issue: 5208, https://emg.nysbc.org/redmine/issues/5208
Original Date: 2017-09-11
Original Assignee: Carl Negro


I propose adding LDAP middleware authentication, so that if an Appion server uses LDAP for processing accounts, users would be able to use the LDAP credentials at both the myamiweb login and the Appion processing login. Logging in to myamiweb would automatically log the user in to the processing page as well.

The LDAP account and myamiweb account names would have to be the same. We'd need a flag and config info in myamiweb/config.php so the authentication system knows to attempt a login with the LDAP credentials. Given a username and password, the server would first try to validate against LDAP. If that fails, the system tries to validate against the native myamiweb account. If that fails, login fails. In this scenario, it would not matter if the LDAP and myamiweb passwords are different, only that the entered password matches one of them. In the case where an LDAP account exists without a corresponding myamiweb account of the same username, the system should automatically create the myamiweb account. In the reverse case, I do not think an LDAP account should be generated.
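The login order proposed above, sketched in PHP as an added example (not part of the original issue and not myamiweb or Appion code). The config keys, host, DN template and function names are assumptions, and the directory and user table are constructed demo data so the flow runs without an LDAP server. It also rejects empty passwords, because an LDAP simple bind with an empty password is an unauthenticated bind that a server may report as success.

```php
<?php
// Added example, not myamiweb code. Config keys, host and function names are hypothetical.
$LDAP_CFG = [
    'enabled' => true,                        // the config.php flag the issue asks for
    'uri'     => 'ldaps://ldap.example.org',  // placeholder host
    'user_dn' => 'uid=%s,ou=people,dc=example,dc=org',
];

// Real LDAP check: simple bind as the user. Not called in the offline demo below.
function ldapBind(array $cfg, string $user, string $pass): bool {
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) return false;
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Escape the name so it cannot change the structure of the DN.
    $dn = sprintf($cfg['user_dn'], ldap_escape($user, '', LDAP_ESCAPE_DN));
    return @ldap_bind($conn, $dn, $pass);
}

// Order from the proposal: LDAP first, then the native account, else fail.
function login(array $cfg, string $user, string $pass, callable $ldap,
               callable $native, callable $exists, callable $create): ?string {
    // Empty password = unauthenticated bind, which a server may report as success.
    if ($user === '' || $pass === '') return null;
    if ($cfg['enabled'] && $ldap($cfg, $user, $pass)) {
        if (!$exists($user)) $create($user);  // auto-create the myamiweb account
        return 'ldap';
    }
    return $native($user, $pass) ? 'native' : null;  // never creates an LDAP account
}

// Constructed demo data standing in for the directory and the myamiweb user table.
$dir = ['alice' => 'ldap-pw'];
$db  = ['bob' => password_hash('native-pw', PASSWORD_DEFAULT)];
$ldap   = function ($c, $u, $p) use ($dir) { return isset($dir[$u]) && hash_equals($dir[$u], $p); };
$native = function ($u, $p) use (&$db) { return isset($db[$u]) && password_verify($p, $db[$u]); };
$exists = function ($u) use (&$db) { return array_key_exists($u, $db); };
$create = function ($u) use (&$db) { $db[$u] = null; };  // no local password is set

foreach ([['alice', 'ldap-pw'], ['alice', ''], ['bob', 'native-pw'], ['bob', 'wrong']] as [$u, $p]) {
    $via = login($LDAP_CFG, $u, $p, $ldap, $native, $exists, $create);
    printf("%-6s %-10s => %s\n", $u, "'$p'", $via ?? 'denied');
}
printf("alice auto-created locally: %s\n", array_key_exists('alice', $db) ? 'yes' : 'no');
```

Passing `ldapBind` as the `$ldap` argument switches the demo to a real directory; setting `'enabled'` to `false` skips LDAP and leaves only the native check.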

leginonbot commented 3 months ago

Original Redmine Comment
Author Name: Anchi Cheng (@anchi2c)
Original Date: 2017-09-12T02:04:43Z


Do make sure the activation of this middleware is configured in config.php. Not every place can tap into LDAP.

leginonbot commented 3 months ago

Original Redmine Comment
Author Name: Carl Negro (@carl9384)
Original Date: 2017-12-29T22:23:52Z


This should not be very difficult.