Add ldap authentication

Open davvdg opened this issue 9 years ago • 7 comments

Ldap authentication would be a great feature. Also specifying the ldap group for admins. And why not, inheriting quotas from ldap stored properties for group or users!

Best regards

davvdg, Dec 28 '16 18:12

Hey @davvdg! This seems like a great improvement to Cook!

Would you be interested in working on it? If so, I can point you in the right direction in the code on where to implement it.

wyegelwel, Dec 28 '16 18:12

Yeah but I don't know clojure...

davvdg, Dec 28 '16 18:12

That will make it harder =) Still happy to point you in the right direction (including docs on clojure) if you are interested.

To be upfront, my group doesn't have a direct need for this so it probably won't happen with any haste.

I will leave the issue here since I think it is a valuable addition to the project.

wyegelwel, Dec 28 '16 18:12

Hey there, I may finally try to add ldap. Can you help me on this? From what I understand, there is the basic auth file and the authorization file. I think I will deal with authorization in a second step; for now I just want the user passed through basic auth to be checked with ldap and have the jobs submitted that way (rather than the "one user" default behavior).

David

davvdg, Jan 31 '17 13:01

Yes absolutely!

Here are some good docs on clojure:

- Guide to clojure
- Practice problems to learn clojure fundamentals

Feel free to make a PR early and ask any clojure questions there, happy to help.

The most active clojure ldap client looks to be https://github.com/pauldorman/clj-ldap. From a clojure perspective it seems fine though I don't know enough about ldap to evaluate it in that regard. Since clojure sits atop the jvm, you can also use your favorite java ldap client. Here is a quick post on java interop in clojure http://clojure-doc.org/articles/language/interop.html

You are definitely on the right track looking at the basic auth namespace. The current implementation has a nice comment in it "Doesn't verify the password at all; this should be used in a trusted network". I will make a pull request to configure validation with "none" and "config-file" as the initial options.

Once that is in, it should require on your side adding a new validation option "ldap", connecting to the ldap server and using it to validate requests. I'm going to work on that now, and will have more specific instructions once it is in.

wyegelwel, Jan 31 '17 14:01

Hey @davvdg, the code I mentioned is now in PR #235. Once it is merged, you would need to add a validation option, :ldap, to the switch here: https://github.com/twosigma/Cook/pull/235/files#diff-5d5022c7d84670b6052055ff1cd24c19R47, create a connection to the ldap server and return a function that checks that the given user / password is valid.

wyegelwel, Feb 01 '17 14:02
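The "function that checks that the given user / password is valid" described in the comment above, as an added example that is not part of the thread and not Cook's code. It uses the JDK's JNDI client through Java interop rather than clj-ldap; the namespace, the function names and the `:url`, `:user-dn-template` and `:bind?` keys are hypothetical, and wiring it into Cook's validation switch is not shown.

```clojure
(ns example.ldap-validation
  (:require [clojure.string :as str])
  (:import (java.util Hashtable)
           (javax.naming Context NamingException)
           (javax.naming.directory InitialDirContext)
           (javax.naming.ldap Rdn)))

(defn jndi-bind?
  "True only if an LDAP simple bind as dn/password succeeds against url."
  [url dn password]
  (let [env (doto (Hashtable.)
              (.put Context/INITIAL_CONTEXT_FACTORY "com.sun.jndi.ldap.LdapCtxFactory")
              (.put Context/PROVIDER_URL url)
              (.put Context/SECURITY_AUTHENTICATION "simple")
              (.put Context/SECURITY_PRINCIPAL dn)
              (.put Context/SECURITY_CREDENTIALS password))]
    (try
      (.close (InitialDirContext. env))
      true
      ;; Fail closed: bad credentials, unreachable server, TLS errors.
      (catch NamingException _ false))))

(defn ldap-validator
  "Returns (fn [user password]) -> boolean, the shape the thread asks for.
  :bind? is injectable so the checks can be run without a directory."
  [{:keys [url user-dn-template]} & {:keys [bind?] :or {bind? jndi-bind?}}]
  ;; Simple bind sends the password as-is, so require TLS (this example's choice).
  (when-not (str/starts-with? url "ldaps://")
    (throw (IllegalArgumentException. "LDAP url must use ldaps://")))
  (fn [user password]
    (boolean
     (and (string? user) (seq user)
          ;; An empty password turns a simple bind into an anonymous or
          ;; unauthenticated bind, which some servers accept: reject it here.
          (string? password) (seq password)
          ;; Escape the name so "alice,ou=admins" cannot change the DN.
          (bind? url (format user-dn-template (Rdn/escapeValue user)) password)))))

(comment
  ;; Constructed stub that, like a permissive server, accepts empty passwords.
  (let [dn     "uid=alice,ou=people,dc=example,dc=com"
        stub   (fn [_url d pw] (or (= pw "") (and (= d dn) (= pw "s3cret"))))
        valid? (ldap-validator {:url "ldaps://ldap.example.com:636"
                                :user-dn-template "uid=%s,ou=people,dc=example,dc=com"}
                               :bind? stub)]
    (map #(apply valid? %) [["alice" "s3cret"] ["alice" ""] ["alice,ou=admins" "s3cret"]])))
```

The `comment` form exercises a correct login, an empty password and a username carrying DN metacharacters against the stub, so the two pre-bind checks can be seen without a directory server.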

Ok @davvdg, it has been merged. Let me know how I can help you.

wyegelwel, Feb 06 '17 16:02