Help save net neutrality! Learn more.

LDAP Authentification

  • Tom Vercauteren

    Tom Vercauteren - 2008-10-09

    Hi all,

    One thing that is not in the list of planned refbase features ( ) that I would love to see would be to make refbase LDAP aware.

    The only reference I found is the following thread:

    Allowing refbase to comunicate with an LDAP server would allow the administrator avoiding the creation of a specific refbase account for each potential refbase user. Also the user passwords would be synchronized.

    Anyhow, thanks for the very nice software.


    • Richard Karnesky

      I think we'd still like a more extensible authentication mechanism & people have been able to incorporate other auth mechanisms into refbase, see:\(Pubcookie)

      I think that it is likely that we'll support Apache HTTP AUTH at some point in the future.  If you are able to use Apache's LDAP extensions, this may be useful for you.  I have no idea when this will happen--we currently are working on higher priority features.

      If you (or a colleague or other readers of this thread) wishes to add this feature, we'd be happy to help & have had discussions on the developers' list about this topic.


      • Tom Vercauteren

        Tom Vercauteren - 2008-10-09

        Thanks for the interesting link which I had missed. I'll check out Pubcookie and see if I can use it.

    • Matthias Steffens

      Hi Tom,

      thanks for your input!

      For future reference, besides private discussions among developers, refbase authentication was discussed in these forum threads (you mentioned the first one already):

      General consensus seems to be that it would be nice if refbase would support centralized/generic authentication (e.g. via HTTP AUTH). Currently, refbase uses the user's email address as user name. So we'd probably first need to change the refbase internals so that arbitrary user names are allowed. This is most likely the biggest task, and since the anticipated changes would touch much of the core functionality, it's probably not something that we'll be able to address soon.

      Of course, things might be a lot easier if the external authentication mechanism could be made to return a valid email address (which could  then be used as the refbase user name). But moving refbase user names from email address to arbitrary user names may be generally useful and allow for more flexible integration with external authentication mechanisms.

      Previously, we also agreed that while *authentication* could (optionally) be made external, fine-grained *authorization* (i.e. what an authenticated user is allowed to do) and user prefs would still be handled by refbase itself. I.e., if a user was successfully authenticated, refbase would check its own user table and--if some user was found--load his account prefs & permissions, otherwise create a new account with default settings (or prompt the user for it).


  • Paolo Furlani

    Paolo Furlani - 2010-03-19

    I also think that LDAP authentication should be a feature for the next release of refbase with the highest priority.

  • Reinier Post

    Reinier Post - 2011-10-06

    I, too, would love to see the option to use an external set of user accounts as refbase users.
    In my case, they are Subversion users (i.e. authenticated with basic authentication over https).
    In fact I'm about to hack it on myself because it seems fairly easy to do.

  • Anonymous - 2013-03-06

    I just came across this great project. We are searching for a solution with LDAP authentication.
    rp2 -> did you hack refbase to accept LDAP ? If so, would you share how you did it ?


Log in to post a comment.