unxsBind
Current Development Areas
Allow use of LDAP for login of users
Using libcurl, access a remote LDAP/AD server to retrieve the user's password, organization and role. This would be turned on via tConfiguration and would negate the tClient/tAuthorize Organization/Contact/Role unxsVZ authentication and authorization (AA) model EXCEPT for the backend Root user.
This method could be used for all or some of the iDNS, idnsAdmin and idnsOrg interfaces.
Quickly jotting down some development ideas:
- Link the app to libcurl.
- The LDAP/AD server would have to be set up with the required data elements (or whatever they are called in LDAP parlance).
- Initially LDAP would be queried via gcUser only. One could imagine that the connection IP could be used to select variant roles, for example at the office or at home.
- The libcurl simple C API would be used to save the results in memory, where we would parse out guCompany, gcCompany, guPermLevel and guLoginClient.
- For production environments the LDAP data will probably have to be mapped to our internal AA; this could be done via tConfiguration entries.
- Initial development work will require slapd and maybe some FOSS web-based LDAP manager to set up test users without resorting to the CLI ldap tools.
- We really do not want to have to learn too much LDAP.
- To improve performance we may want to add to tClient and tAuthorize what is retrieved from LDAP, querying LDAP only every REFRESH seconds and somehow expiring the stored data after EXPIRE seconds.
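
Because the LDAP query would be built from gcUser, the login name has to be escaped before it goes into the filter of the URL handed to libcurl. The following is an added example, not unxsBind code; the host, base DN, attribute list, uid= filter attribute and the 64-byte login limit are assumed placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Encode a login name for the filter part of an LDAP URL in one pass.
 * Layer 1 (RFC 4515): '*', '(', ')' and '\' become \XX so they stay data.
 * Layer 2 (RFC 3986): bytes outside "unreserved" become %XX, which also
 * turns the backslash from layer 1 into %5C. Returns 0, or -1 if out is full. */
static int encode_filter_value(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        int n;
        if (c == '*' || c == '(' || c == ')' || c == '\\')
            n = snprintf(out + o, outlen - o, "%%5C%02x", (unsigned)c);
        else if (isalnum(c) || strchr("-._~", c))
            n = snprintf(out + o, outlen - o, "%c", c);
        else
            n = snprintf(out + o, outlen - o, "%%%02X", (unsigned)c);
        if (n < 0 || (size_t)n >= outlen - o) return -1;
        o += (size_t)n;
    }
    out[o] = '\0';
    return 0;
}

/* Build the lookup URL for one gcUser. Host, base DN, the attributes
 * "o,title" and the uid= filter are assumed placeholders, not project values. */
int build_ldap_url(const char *gcUser, char *url, size_t urllen)
{
    char enc[5 * 64 + 1];                 /* worst case: 5 output bytes per input byte */
    size_t len = strlen(gcUser);
    if (len == 0 || len > 64 || encode_filter_value(gcUser, enc, sizeof enc))
        return -1;                        /* reject empty or oversized login names */
    int n = snprintf(url, urllen, "ldaps://ldap.example.test/"
                     "ou=people,dc=example,dc=test?o,title?sub?(uid=%s)", enc);
    return (n < 0 || (size_t)n >= urllen) ? -1 : 0;
}

int main(void)
{
    /* Constructed login names: one ordinary, one containing filter metacharacters. */
    const char *samples[] = { "jdoe", "j*doe(x)" };
    char url[512];
    for (size_t i = 0; i < 2; i++)
        if (build_ldap_url(samples[i], url, sizeof url) == 0) puts(url);
    return 0;
}
```

The resulting string is what would be passed to libcurl as the request URL; a login name that fails the length or buffer checks is rejected before any query is made.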
