Difference between revisions of "stoney core: Authentication Resource Mapping (REST - LDAP)"
From stoney cloud
(→Auth retrieval (GET)) |
(→Auth Mapping) |
Line 18: | Line 18: | ||
! Details | ! Details | ||
|- | |- | ||
− | | colspan=4 | [[stoney_core:_OpenLDAP_directory_data_organisation# | + | | colspan=4 | [[stoney_core:_OpenLDAP_directory_data_organisation#People_uid_.28per_person.29 | People uid (per person) ]] |
|- | |- | ||
|| '''id''' || uid=4000000,ou=reseller || uid || Always read-only. | || '''id''' || uid=4000000,ou=reseller || uid || Always read-only. | ||
|- | |- | ||
|| isCompany || uid=4000000,ou=reseller || sstIsCompany || | || isCompany || uid=4000000,ou=reseller || sstIsCompany || | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|| organizationName || ou=address,uid=4000000,ou=reseller || organizationName || | || organizationName || ou=address,uid=4000000,ou=reseller || organizationName || | ||
|- | |- | ||
− | | colspan=4 | [[stoney_core:_OpenLDAP_directory_data_organisation# | + | | colspan=4 | [[stoney_core:_OpenLDAP_directory_data_organisation#People_Roles | People Roles ]] |
|- | |- | ||
|| address.gender || ou=address,uid=4000000,ou=reseller || sstGender || | || address.gender || ou=address,uid=4000000,ou=reseller || sstGender || |
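Review bot: the added "People Roles" heading row sits directly above address.gender, which maps to sstGender under ou=address,uid=4000000,ou=reseller. That is an address attribute rather than a role, and no role rows follow the heading in this hunk. Either move the heading to where the role attributes are listed or give this row an address heading. The Details cells for isCompany, organizationName and address.gender are also still empty, so a reader cannot tell whether those fields are writable in the way id is marked "Always read-only."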
Revision as of 15:15, 29 April 2014
Also visit stoney core: Authentication Resource - REST API.
Overview
Auth action
Auth retrieval (GET)
The following sequence describes the authentication and role retrieval:
- Look up the user in the OpenLDAP directory (with a configurable service user):
  - Currently, this will be cn=Manager,dc=stoney-cloud,dc=org.
  - Later on, this will be a service user.
- If the user exists, try to bind with the user's credentials.
- If the bind was successful, retrieve the user's roles with the service user.
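The three steps above, as an added example that is not stoney core's own code, run against a constructed in-memory directory so it works offline. It goes slightly beyond the listed steps by escaping the login name before it enters the search filter (RFC 4515) and by refusing empty passwords, which many LDAP servers treat as a successful unauthenticated bind. `FakeDirectory`, the `ou=people` subtree and the `pw`/`roles` keys are assumptions.

```python
import re

SERVICE_DN = "cn=Manager,dc=stoney-cloud,dc=org"  # lookup identity named on the page
SERVICE_PW = "constructed-service-pw"             # constructed sample value
BASE = "ou=people,dc=stoney-cloud,dc=org"         # assumed subtree, not from the page
# Constructed entries; the "pw" and "roles" keys are illustrative, not the real schema.
PEOPLE = {
    "uid=4000001," + BASE: {"uid": "4000001", "pw": "alice-pw", "roles": ["reseller-admin"]},
    "uid=4000002," + BASE: {"uid": "4000002", "pw": "bob-pw", "roles": ["user"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """In-memory stand-in for one LDAP connection (simple bind, uid search, role read)."""
    def __init__(self):
        self.bound_as = None
    def bind(self, dn, password):
        if password == "":  # many servers accept this as an unauthenticated bind
            self.bound_as = "anonymous"
            return True
        ok = (dn == SERVICE_DN and password == SERVICE_PW) or (
            dn in PEOPLE and PEOPLE[dn]["pw"] == password)
        self.bound_as = dn if ok else None
        return ok
    def search_uid(self, ldap_filter):
        assert self.bound_as == SERVICE_DN, "lookups run as the service user"
        value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter, re.S).group(1)
        tokens = re.findall(r"\\[0-9a-f]{2}|.", value, re.S)
        rx = "".join(".*" if t == "*" else re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
                     for t in tokens)
        return [dn for dn, entry in PEOPLE.items() if re.fullmatch(rx, entry["uid"])]
    def roles(self, dn):
        assert self.bound_as == SERVICE_DN, "role reads run as the service user"
        return list(PEOPLE[dn]["roles"])

def authenticate(login, password):
    """Return the user's roles, or None for every kind of failure."""
    if not login or not password:  # never forward an empty password to bind
        return None
    service, user = FakeDirectory(), FakeDirectory()
    if not service.bind(SERVICE_DN, SERVICE_PW):
        return None
    matches = service.search_uid("(uid=%s)" % escape_filter_value(login))  # step 1
    if len(matches) != 1 or not user.bind(matches[0], password):           # step 2
        return None
    return service.roles(matches[0])                                       # step 3
```

Returning the same `None` for an unknown user, an ambiguous match and a failed bind keeps the API from revealing which logins exist.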
Auth Mapping
API Attribute | LDAP Object DN | LDAP Attribute | Details |
---|---|---|---|
People uid (per person) | | | |
id | uid=4000000,ou=reseller | uid | Always read-only. |
isCompany | uid=4000000,ou=reseller | sstIsCompany | |
organizationName | ou=address,uid=4000000,ou=reseller | organizationName | |
People Roles | | | |
address.gender | ou=address,uid=4000000,ou=reseller | sstGender | |