Friday, December 1, 2017

enable_ldap

Posted on 
  • Added LDAP calls to enable_ldap to check the parms as we go

Integrating LDAP to enable_ldap

I decided it would be good if as enable_ldap gathers parameters, it checks to see if they are correct. It does this by actually calling LDAP calls to validate the things like the server, port, etc. The goal is to make enable_ldap insure that the parameters are indeed correct. Unfortunately this makes enable_ldap dependent on the Net::LDAP module but I think it's worth it to allow enable_ldap to check the parameters and the mapping the user is describing.

I still need to tighten up the code where it queries LDAP and attempts to prove to the user that the mapping is correct. As I understand it you are basically attempting to map a Clearquest field to an LDAP field so that Clearquest can find the correct record. Once that linkage is established Clearquest can "pull" the password from LDAP and thus authenticate the user's password to the LDAP password.

What enable_ldap does is effectively this, however, it's not that informative to simply say "The user ID 'foo' was found in the LDAP directory" rather I want to say "The user id 'foo' corresponds with '<fullname>'". However does "fullname" always appear exactly as that in LDAP?

Additionally, I need to handle the cases where it's not a match or where say multiple entries are returned (not sure how that can happen unless the user specifies an attribute that can have dups or perhaps enters in a wildcard, e.g. "defaria*").

No comments:

Post a Comment

Posted on  November 23, 2005 Continued to help several users with connecting to the new Controller Clearquest Database for Vinh...