Fall 2005

Notes on LDAP Integration

An obscure software developer created a proof-of-concept modification to Movable Type that added LDAP support. The plug-in required some configuration, but by and large it worked. Sort of. The gateway to the VISTA directory was not all we needed, and I overcame several other shortcomings with simple work-arounds. For instance, the comment script required visitors to log in, yet if the visitor wasn't a current VISTA, she couldn't leave a comment. Movable Type also had to be modified to prohibit VISTAs from editing their profiles (name, email address, etc.) or changing their passwords, since all of that information was kept in the directory and an edit made in the weblog would otherwise silently diverge from it. Finally, the "logout" functionality broke, and quitting the web browser became the only certain way to end a Movable Type session.
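The login, profile and password restrictions described above are exactly the places where a grafted-on LDAP layer is most easily bypassed. The following Python is an added example, written for this article rather than taken from Movable Type or its LDAP plug-in (both of which are Perl), of the checks a web application should perform before it hands a username and password to the directory: escaping user input that lands in a DN or search filter, and refusing the empty password that LDAP treats as an anonymous (unauthenticated) bind rather than as a failed login. The base DN, the uid/inetOrgPerson layout and the bind callable are assumptions made for illustration.

```python
"""LDAP login checks for a web application (added example, not the Movable
Type plug-in's code). Assumes each VISTA has an entry uid=<login> under
ou=people,dc=ctcvista,dc=org; the base DN, the attribute names and the
bind() callable are assumptions for illustration."""
import re

BASE_DN = "ou=people,dc=ctcvista,dc=org"  # assumed directory layout
USERNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._-]{0,31}$")


def escape_filter(value):
    """Escape a value for an RFC 4515 search filter so user input cannot
    close a parenthesis or smuggle in a wildcard."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value):
    """Escape an attribute value for an RFC 4514 distinguished name."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in "# "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    s = "".join(out)
    if s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1] + "\\ "
    return s


def login_dn(username):
    """DN the application binds as on behalf of the user."""
    return "uid=%s,%s" % (escape_dn_value(username), BASE_DN)


def account_filter(username):
    """Filter used to look the account up before or after the bind."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter(username)


def precheck_login(username, password):
    """Decide whether a login attempt may be sent to the directory at all.
    Returns (ok, reason)."""
    if not USERNAME_RE.match(username):
        return False, "bad-username"
    # RFC 4513 section 5.1.2: a bind with a DN and an empty password is an
    # *unauthenticated* bind, which servers may answer with success. A web
    # application that treats that success as a login lets anyone in with a
    # blank password, so refuse it before a bind is ever attempted.
    if password == "":
        return False, "empty-password"
    return True, "ok"


def authenticate(username, password, bind):
    """bind(dn, password) -> bool wraps the real simple bind (with
    python-ldap: conn.simple_bind_s(dn, password), returning False on
    ldap.INVALID_CREDENTIALS). Credentials never reach it unless they pass
    the prechecks."""
    ok, _reason = precheck_login(username, password)
    if not ok:
        return False
    return bool(bind(login_dn(username), password))


if __name__ == "__main__":
    # Constructed stand-in for the directory: one account, one password.
    accounts = {"uid=saul,ou=people,dc=ctcvista,dc=org": "s3cret"}

    def lax_bind(dn, password):
        # Mimics a server that also answers the empty bind with success.
        return password == "" or accounts.get(dn) == password

    print(authenticate("saul", "s3cret", lax_bind))        # True
    print(authenticate("saul", "", lax_bind))              # False
    print(authenticate("saul,ou=admins", "x", lax_bind))   # False
```

In a real deployment `bind` would wrap python-ldap's `simple_bind_s` on a TLS-protected connection; keeping it a parameter means the prechecks can be tested without a server, and a plug-in author can drop the same checks in front of whatever bind call the application already makes.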

The integration work was hardly a walk in the park: some of the source code of both the LDAP plug-in and Movable Type itself had to be altered to get the system to behave as desired. Mailman is not tied to LDAP directly; its configuration instead requires custom web-based gateway software (in this case, a web page) to synchronize account information from the directory. Below is a chart of the services currently available on the CTC VISTA Project website and their LDAP ratings, based on the ease of installing LDAP support and the extent to which LDAP replaces the native authentication mechanism.

Functionality      Package               LDAP rating
weblogs            Movable Type 2.661    B-
mailing lists      Mailman 2.1.2         N/A (web-based gateway)
wiki               pmWiki 2.0b20         N/A (no authentication)
bulletin board     phpBB 2.0.17          C
photo gallery      gallery 1.5_5         B
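The web-based gateway the chart marks for Mailman amounts to keeping a list roster equal to a set of directory entries. As an added example, not the Project's gateway page, here is the core of such a sync in Python (Mailman's own language), with constructed stand-ins for the LDAP search result and the roster; the employeeType attribute and the VISTA/alumni values are assumptions. It also handles the failure mode a gateway must not ignore: a search that times out or returns nothing looks exactly like every member leaving, so the plan refuses to unsubscribe more than half the roster in one run.

```python
"""Directory-to-mailing-list roster sync (added example; not the Project's
gateway page). The entries and roster below are constructed stand-ins for an
LDAP search result and a Mailman 2.1 list membership; the attribute
employeeType and the value "VISTA" are assumptions."""
import shlex

DIRECTORY_ENTRIES = [  # constructed: attributes of entries from a search
    {"uid": "saul", "mail": "Saul@ctcvista.org", "employeeType": "VISTA"},
    {"uid": "mara", "mail": "mara@ctcvista.org", "employeeType": "VISTA"},
    {"uid": "jane", "mail": "jane@ctcvista.org ", "employeeType": "VISTA"},
    {"uid": "rick", "mail": "rick@ctcvista.org", "employeeType": "alumni"},
    {"uid": "tbd", "employeeType": "VISTA"},  # no mail attribute yet
]
LIST_ROSTER = [  # constructed: what Mailman's bin/list_members would print
    "saul@ctcvista.org",
    "rick@ctcvista.org",
    "jane@ctcvista.org",
]


def wanted_members(entries, eligible=("VISTA",)):
    """Addresses that should be on the list, normalised for comparison
    (the directory and Mailman may differ in case and whitespace)."""
    wanted = set()
    for entry in entries:
        if entry.get("employeeType") not in eligible:
            continue
        mail = entry.get("mail")
        if mail and mail.strip():
            wanted.add(mail.strip().lower())
    return wanted


def plan_sync(entries, roster, max_remove_fraction=0.5):
    """Return (to_add, to_remove) as sorted lists. A failed or empty directory
    search looks exactly like "everyone left", so refuse a plan that would
    drop more than max_remove_fraction of the roster and make an operator
    look first."""
    wanted = wanted_members(entries)
    have = {m.strip().lower() for m in roster if m.strip()}
    to_add = sorted(wanted - have)
    to_remove = sorted(have - wanted)
    if have and len(to_remove) / len(have) > max_remove_fraction:
        raise RuntimeError(
            "refusing to remove %d of %d members; directory result looks wrong"
            % (len(to_remove), len(have)))
    return to_add, to_remove


def mailman_commands(listname, to_add, to_remove):
    """Shell commands for Mailman 2.1's bin/ tools that would apply the plan."""
    cmds = ["bin/remove_members %s %s" % (shlex.quote(listname), shlex.quote(a))
            for a in to_remove]
    if to_add:
        cmds.append("printf '%%s\\n' %s | bin/add_members -r - %s"
                    % (" ".join(shlex.quote(a) for a in to_add),
                       shlex.quote(listname)))
    return cmds


if __name__ == "__main__":
    to_add, to_remove = plan_sync(DIRECTORY_ENTRIES, LIST_ROSTER)
    for cmd in mailman_commands("vistas", to_add, to_remove):
        print(cmd)
```

The gateway page itself would run the search, feed the result into `plan_sync`, and only then call the Mailman tools (or its Python API) with the two lists; the threshold check is cheap insurance against a directory outage emptying every list the gateway manages.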

We haven't needed to implement LDAP support on every service, but it is important to highlight that trying to lay an LDAP foundation may limit one's software choices. Additionally, because so few web applications of this kind are designed with a directory in mind, LDAP support is often grafted on in the same embarrassing manner that wheelchair ramps are added to buildings long after construction has ceased, just to make them "compliant." Such after-the-fact support deserves a close look before it is trusted: it usually replaces only the password check, so the application's own session handling, password-change pages and profile editing still have to be reconciled with the directory by hand.

While Movable Type's LDAP support is shaky, most weblog packages don't include support at all, either built-in or contributed by a kind-hearted software developer. Those seeking a weblog package with better integration need look no further than WordPress. To keep mailing lists in sync with a directory, Sympa comes to mind. And while we don't use it at the Project, Mailman does have a special module, the MemberAdaptor, but I've heard it's a kludge. Finally, the LDAP modifications for phpBB were particularly horrendous, since they required adding several files and tediously editing several more. Plus, one netizen saw some shortcomings in the mod and posted his own fixes.

The final obstacle to setting up a directory may prove the most difficult: getting your hands on an LDAP server. Most hosting companies routinely make web and FTP services available to their users, but nary a one dares touch LDAP. If, on the other hand, you have access to a server and feel comfortable compiling and installing software on it, OpenLDAP is a platform-independent, open source server that can be downloaded and installed free of charge (even on Windows). Get up and running in an afternoon with the Quick Start Guide. To set up organization-wide white pages, see the ONLamp.com set-up article. One caveat before any web application is pointed at the result: the quick-start slapd.conf carries no access directives, and with none present slapd's default policy (see slapd.access(5)) lets anyone read everything, userPassword hashes included. Add access rules before going live, at minimum allowing each user to write only his or her own password while restricting it to authentication for everyone else. For administrative tasks I highly recommend the web-based tool phpLDAPadmin.

Lastly, it would be irresponsible of me not to mention that single, monolithic software packages can be downloaded from the Internet that provide most of the same services as those used on the CTC VISTA website (and more). The primary benefit of our approach is the ability to add any number of services in the future and still use the existing database of usernames and passwords. No other technology is as tightly integrated with email readers and servers, either: most mail clients can use an LDAP directory as an address book, and most mail servers can consult one for routing.

If you have any questions about getting your organization up and running with LDAP, please feel free to contact me.
-Saul

