(Migrated) LDAP auth for the web frontend?

Community support
#1

(This message has been automatically imported from the retired mailing list)

Hi list,

we’re evaluating Zato for a customer. There is one question left to the
analysis.

Did anyone of you guys already try to couple the web frontend with LDAP?
How hard is it, to integrate LDAP?

Thank you in advance.

Kind regards,
Denis
–=20
Adfinis SyGroup AG
Denis Simonet, Software Engineer

Keltenstrasse 98 | CH-3018 Bern
Tel. +41 31 550 31 11 | Direkt +41 31 550 31 16

#2

On 07/09/2014 01:30 PM, Denis Simonet wrote:

Did anyone of you guys already try to couple the web frontend with LDAP?
How hard is it, to integrate LDAP?

Hi Denis,

there’s a groups of users who have contributed partial support for LDAP
in this ticket:

This now got divided into


Both #225 and #226 are slated for delivery in 2.0.

Note that having a built-in support means coding sugar, GUI and admin
API but nothing really prevents you from issuing LDAP calls in your
services even if core Zato doesn’t have it yet.

For instance, some users need to communicate with Mongo or various
Amazon services even though Zato itself doesn’t support them right now.

I was in a similar situation in a project some time ago with a client
who were using a custom authentication protocol and my services all
handled it in super-class whose ‘check_credentials’ method was called by
each service in their own ‘handle’ methods.

That’s actually a nice thing about Zato - that services are regular
Python classes to a great extent so you can use normal Python mechanisms
as well.

So basically:

class LDAPChecker(Service)
def check_credentials(self, username, other, data):
if not check_in_ldap(username):
raise Exception(‘Unathorized’)

class MyActualService(LDAPChecker):
def handle(self):
self.check_credentials(…)

# No exception - so we're good to proceed
...
#3

On 07/09/2014 01:30 PM, Denis Simonet wrote:

Did anyone of you guys already try to couple the web frontend with LDAP?
How hard is it, to integrate LDAP?

Hi Denis,

there’s a groups of users who have contributed partial support for LDAP
in this ticket:

This now got divided into


Both #225 and #226 are slated for delivery in 2.0.

Note that having a built-in support means coding sugar, GUI and admin
API but nothing really prevents you from issuing LDAP calls in your
services even if core Zato doesn’t have it yet.

For instance, some users need to communicate with Mongo or various
Amazon services even though Zato itself doesn’t support them right now.

I was in a similar situation in a project some time ago with a client
who were using a custom authentication protocol and my services all
handled it in super-class whose ‘check_credentials’ method was called by
each service in their own ‘handle’ methods.

That’s actually a nice thing about Zato - that services are regular
Python classes to a great extent so you can use normal Python mechanisms
as well.

So basically:

class LDAPChecker(Service)
def check_credentials(self, username, other, data):
if not check_in_ldap(username):
raise Exception(‘Unathorized’)

class MyActualService(LDAPChecker):
def handle(self):
self.check_credentials(…)

# No exception - so we're good to proceed
...