- summary: Pubcookie w. LDAP-backen patch --> Pubcookie w. LDAP-backend patch
I have done some coding so we could integrate
webcalendar with our SSO (Single-Sign-On) here. We are
using pubcookie for SSO, it's a cookie-based authsystem
that (in our case) uses openldap as the backend. On
the appserver one installs an apache-module and users
then appear to the app as REMOTE_USER, much like
http-auth.
I first did the coding on top of webcalendar-0.9x
something but today I finished work on "porting" these
changes over to webcalendar-1.0.1.
For the interested, I have put a patch here:
http://people.arcada.fi/~harald/webcalendar-1.0.1-pubcookie.patch
Because we have hundreds of users, it's quite common
for different people to have the same name. For this
reason I have changed webcalendar so it also prints the
login name besides a user's fullname.
There are a lot of stuff I would need help with. I have
tried as much as possible to contain all code
inside user-pubcookie.php, but some changes to
webcalendar-code was also required. E.g. I had to
create a logout.php file. The patch includes all
changes. N.B. The patch will overwrite settings.php! It
will also overwrite /.htaccess, if you had one.
If there's sufficient interest in this, I would very
much receive suggestions on how to improve on this.
Maybe even include my patch in the official release?
please?? :)
This patch requires you to have both mod_pubcookie
and mod_auth_ldap (Only if you want to restrict access
to the calendar to people having a certain role (or
other attribute/value) in ldap) installed.
This patch assumes that you do authentication with
pubcookie, using ldap as your backend. This patch is a
hybrid of http_auth and user-ldap.php in the sence that
a patched webcalendar doesn't authenticate people at
all, mod_pubcookie takes care of this. Then things like
Full Names and such are taken from ldap.
This patch also assumes that login@domain.com is a
working e-mail address. Although it would probably be
trivial to implement e-mail address from ldap too.
This patch takes admin people from the unix-group
webmasters, as found in ldap. So, if a user is a member
of the posix/unix-group webmasters they are
webcalendar admins too.
This patch would have to be refined so it wouldn't
overwrite webcalendar files unnecessarily.
Any comments welcome!
Many, many, many great thanks for a great piece of
software webcalendar-people! Thanks, (bows head).
- Harald