Difference between revisions of "stoney core: Authentication Resource Mapping (REST - LDAP)"
From stoney cloud
(→Auth retrieval (GET)) |
Line 10: | Line 10: | ||
# If the user exists, try to bind with the [[stoney_core:_OpenLDAP_directory_data_organisation#People_uid_.28per_person.29 | users credentials]]. | # If the user exists, try to bind with the [[stoney_core:_OpenLDAP_directory_data_organisation#People_uid_.28per_person.29 | users credentials]]. | ||
# If the bind was successful, retrieve the users [[stoney_core:_OpenLDAP_directory_data_organisation#People_Roles | roles]] with the service user. | # If the bind was successful, retrieve the users [[stoney_core:_OpenLDAP_directory_data_organisation#People_Roles | roles]] with the service user. | ||
+ | |||
+ | === Auth Mapping === | ||
+ | {| border="1" class="wikitable sortable" | ||
+ | ! API Attribute | ||
+ | ! LDAP Object DN | ||
+ | ! LDAP Attribute | ||
+ | ! Details | ||
+ | |- | ||
+ | | colspan=4 | [[stoney_core:_OpenLDAP_directory_data_organisation#Reseller_uid_.28per_Reseller.29 | Reseller uid (per Reseller)]] | ||
+ | |- | ||
+ | || '''id''' || uid=4000000,ou=reseller || uid || Always read-only. | ||
+ | |- | ||
+ | || isCompany || uid=4000000,ou=reseller || sstIsCompany || | ||
+ | |- | ||
+ | || isActive || uid=4000000,ou=reseller || sstIsActive || | ||
+ | |- | ||
+ | || resellerName || uid=4000000,ou=reseller || organizationName || | ||
+ | |- | ||
+ | || (none) || uid=4000000,ou=reseller || sstExternalID || | ||
+ | |- | ||
+ | || (none) || uid=4000000,ou=reseller || sstBelongsToResellerUID || Internally set to the same value as uid | ||
+ | |- | ||
+ | || organizationName || ou=address,uid=4000000,ou=reseller || organizationName || | ||
+ | |- | ||
+ | | colspan=4 | [[stoney_core:_OpenLDAP_directory_data_organisation#Reseller_Billing_Address | Reseller Billing Address]] | ||
+ | |- | ||
+ | || address.gender || ou=address,uid=4000000,ou=reseller || sstGender || | ||
+ | |- | ||
+ | |||
+ | |} | ||
= Links = | = Links = |
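Review bot: Every row added under "=== Auth Mapping ===" points at a Reseller entry (uid=4000000,ou=reseller and its ou=address child), while the sequence directly above the new heading is about the People uid lookup, the bind and the People Roles, so either the heading or the table content looks misplaced; please map the person and role attributes here or move the table to the reseller resource page. The table also ends with a dangling `|-` and a blank line before `|}`, which renders as an empty row, and the two "(none)" rows would benefit from a Details entry saying whether sstExternalID is deliberately not exposed through the API.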
Revision as of 15:12, 29 April 2014
Also visit stoney core: Authentication Resource - REST API.
Overview
Auth action
Auth retrieval (GET)
The following sequence describes the authentication and role retrieval:
- Look up the user in the OpenLDAP directory (with a configurable service user):
  - Currently, this will be cn=Manager,dc=stoney-cloud,dc=org
  - Later on, this will be a service user.
- If the user exists, try to bind with the user's credentials.
- If the bind was successful, retrieve the user's roles with the service user.
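The sequence above, sketched as an added Python example (not stoney core's own code), with the checks this pattern needs: escaping the user name before it enters the search filter, requiring exactly one match, and refusing empty passwords. `FakeDirectory`, the lookup by `uid`, and the sample DN, password and role are constructed assumptions standing in for a real LDAP client and directory.

```python
import re

SERVICE_DN = "cn=Manager,dc=stoney-cloud,dc=org"   # service user named on the page

def escape_filter_value(value):
    """RFC 4515 escaping so user input cannot alter the search filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (not a real client)."""
    def __init__(self, people):
        self.people = people              # uid -> {"dn", "password", "roles"}

    def search_uid(self, bind_dn, filter_):
        # Supports only "(uid=<value>)"; an unescaped * matches every entry.
        value = re.fullmatch(r"\(uid=(.*)\)", filter_).group(1)
        if value == "*":
            return list(self.people.values())
        uid = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return [self.people[uid]] if uid in self.people else []

    def bind(self, dn, password):
        # RFC 4513 5.1.2: a DN with an empty password is an unauthenticated
        # bind, which a server may report as success.
        if password == "":
            return True
        return any(p["dn"] == dn and p["password"] == password
                   for p in self.people.values())

def authenticate(directory, username, password):
    """Return the user's roles, or None when authentication fails."""
    if not username or not password:      # never forward an empty password
        return None
    # Step 1: look up the user with the service user.
    hits = directory.search_uid(SERVICE_DN, "(uid=%s)" % escape_filter_value(username))
    if len(hits) != 1:                    # unknown or ambiguous user
        return None
    # Step 2: bind with the user's own credentials.
    if not directory.bind(hits[0]["dn"], password):
        return None
    # Step 3: read the roles with the service user (here: from the entry found).
    return list(hits[0]["roles"])

# Constructed sample entry; uid, DN, password and role are made up.
DIRECTORY = FakeDirectory({
    "1000": {"dn": "uid=1000,ou=people,dc=stoney-cloud,dc=org",
             "password": "s3cret", "roles": ["example-role"]},
})
```

With a single entry in the directory, an unescaped `*` as user name would match that entry, which is why the escaping and the exactly-one-match check are both applied before the bind.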
Auth Mapping
API Attribute | LDAP Object DN | LDAP Attribute | Details |
---|---|---|---|
Reseller uid (per Reseller) | |||
id | uid=4000000,ou=reseller | uid | Always read-only. |
isCompany | uid=4000000,ou=reseller | sstIsCompany | |
isActive | uid=4000000,ou=reseller | sstIsActive | |
resellerName | uid=4000000,ou=reseller | organizationName | |
(none) | uid=4000000,ou=reseller | sstExternalID | |
(none) | uid=4000000,ou=reseller | sstBelongsToResellerUID | Internally set to the same value as uid |
organizationName | ou=address,uid=4000000,ou=reseller | organizationName | |
Reseller Billing Address | |||
address.gender | ou=address,uid=4000000,ou=reseller | sstGender | |