We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
http://drupal.org/project/ldap_integration and its ilk. On Thu, Aug 6, 2009 at 9:13 AM, antgiant<antgiant+drupalDevel@gmail.com> wrote:
We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
Thank you. However, we're already using that and it doesn't provide any SSO functionality. On Thu, Aug 6, 2009 at 10:14 AM, Ken Rickard <agentrickard@gmail.com> wrote:
http://drupal.org/project/ldap_integration and its ilk.
On Thu, Aug 6, 2009 at 9:13 AM, antgiant<antgiant+drupalDevel@gmail.com<antgiant%2BdrupalDevel@gmail.com>> wrote:
We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
You'll need an SSO provider. I'd recommend looking into something like http://drupal.org/project/pubcookie. I haven't used it, but my understanding is that you setup the pubcookie provider that is linked with your LDAP install, then all of your sites just use pubcookie. ~Rob On Thu, Aug 6, 2009 at 7:16 AM, antgiant <antgiant+drupalDevel@gmail.com<antgiant%2BdrupalDevel@gmail.com>
wrote:
Thank you. However, we're already using that and it doesn't provide any SSO functionality.
On Thu, Aug 6, 2009 at 10:14 AM, Ken Rickard <agentrickard@gmail.com>wrote:
http://drupal.org/project/ldap_integration and its ilk.
On Thu, Aug 6, 2009 at 9:13 AM, antgiant<antgiant+drupalDevel@gmail.com<antgiant%2BdrupalDevel@gmail.com>> wrote:
We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
If you go the pubcookie route be aware that it will require some comfort and/or familiarity with compiling from source as it is highly unlikely you will find a compiled pubcookie apache module for your distribution/version of apache. Additionally the shared key pubcookie setup requires some familiarity with ssl-certs some of these can be self signed for the server-to-server chatter, but the client facing side login server should have a publicly signed cert for usability reasons. This will apply for each application server in your stack that is using pubcookie. Jeff On Aug 6, 2009, at 11:48 AM, Robert Wohleb wrote:
You'll need an SSO provider. I'd recommend looking into something like http://drupal.org/project/pubcookie. I haven't used it, but my understanding is that you setup the pubcookie provider that is linked with your LDAP install, then all of your sites just use pubcookie.
~Rob
On Thu, Aug 6, 2009 at 7:16 AM, antgiant <antgiant+drupalDevel@gmail.com
wrote: Thank you. However, we're already using that and it doesn't provide any SSO functionality.
On Thu, Aug 6, 2009 at 10:14 AM, Ken Rickard <agentrickard@gmail.com> wrote: http://drupal.org/project/ldap_integration and its ilk.
On Thu, Aug 6, 2009 at 9:13 AM, antgiant<antgiant+drupalDevel@gmail.com
wrote: We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
On Thu, Aug 6, 2009 at 7:13 AM, antgiant<antgiant+drupalDevel@gmail.com> wrote:
We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
I've done this before, but it required custom code in all cases. In my experience building these systems each one is just different enough that it wasn't something that could be contributed as a general module. Regards, Greg -- Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com Cracking Drupal - Learn to protect your Drupal site from hackers Now available from Wiley http://crackingdrupal.com
CAS is widely used in universities and should fit your needs. I believe that behind the scenes, the CAS server can use a LDAP server for the ultimate authentication. http://drupal.org/project/cas -- Kyle Mathews kyle.mathews2000.com/blog http://twitter.com/kylemathews On Thu, Aug 6, 2009 at 12:35 PM, Greg Knaddison < Greg@growingventuresolutions.com> wrote:
On Thu, Aug 6, 2009 at 7:13 AM, antgiant<antgiant+drupalDevel@gmail.com<antgiant%2BdrupalDevel@gmail.com>> wrote:
We have several drupal installs that all use the same LDAP setup for authentication. We would like to setup Single Sign On for all of those sites, but it is not feasible for us to use a shared database. Additionally, we are using LDAP groups to create the Drupal roles. Any advice on how to accomplish this? Thanks in advance.
I've done this before, but it required custom code in all cases. In my experience building these systems each one is just different enough that it wasn't something that could be contributed as a general module.
Regards, Greg
-- Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com Cracking Drupal - Learn to protect your Drupal site from hackers Now available from Wiley http://crackingdrupal.com
participants (6)
-
antgiant -
Greg Knaddison -
Jeffry Graham -
Ken Rickard -
Kyle Mathews -
Robert Wohleb