LDAP - I have no idea what I'm doing and could use some guidance

(Derek) #1

Okay - I have extremely limited knowledge of web stuff. I want to use Discourse to replace an existing mailing list - having LDAP logins working would make it a home run.

The trouble is that with my limited knowledge of all of the technologies involved (I am much more comfortable with embedded systems than web) I don’t even know how to start. I know that Discourse includes omniauth functionality, I know that there’s an LDAP plugin (module? script? what’s the right word?) for omniauth. What I can’t figure out is how to glue all these things together to make something work. A lot of the results from my extended googling are old or not terribly edifying to someone with my level of knowledge.

Can anyone point me at a good ‘ground up’ resource for understanding what goes into this? Even a rough, high-level overview of the process would help (I can’t even figure out how to do things to Discourse because it’s in a Docker container?). I feel pretty helpless and don’t know what I should be reading to get less helpless.

(Michael Downey) #2

We have a Node.js app that people use to create and manage LDAP accounts. We used the Discourse SSO package for Node.js to redirect all “Sign In” requests to that site, so all user management happens over there.

We had to install that code on our user ID site, but the only modifications needed to Discourse happened in the admin section of the web app. No major configuration changes required.

As a result, all our Discourse accounts are basically “shadows” of LDAP accounts. Works really well.

I don’t know much about omniauth but I can imagine your experience would be similar.
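The sign-in redirect described in post #2 works by exchanging HMAC-signed payloads between Discourse and the external login site. The following is an added example, not code from this thread or from the Discourse SSO package, showing the login-site side in Node.js: verify what Discourse sent, then sign the reply after the LDAP check succeeds. The shared secret, the `uid`/`mail` attribute names and the example.org host are assumptions.

```javascript
// Added example: login-site side of the Discourse SSO handshake.
const crypto = require('crypto');

// HMAC-SHA256 over the base64 payload string, hex-encoded.
const sign = (secret, payload) =>
  crypto.createHmac('sha256', secret).update(payload).digest('hex');

// Verify the sso/sig pair Discourse sends; return the nonce and return URL.
function verifySsoRequest(secret, sso, sig) {
  const expected = Buffer.from(sign(secret, sso), 'hex');
  const given = Buffer.from(String(sig), 'hex');
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad SSO signature');
  }
  const params = new URLSearchParams(Buffer.from(sso, 'base64').toString('utf8'));
  const nonce = params.get('nonce');
  const returnUrl = params.get('return_sso_url');
  if (!nonce || !returnUrl) throw new Error('incomplete SSO payload');
  return { nonce, returnUrl };
}

// Call only after the LDAP bind for this user has succeeded.
// user.uid and user.mail are assumed LDAP attribute names.
function buildSsoRedirect(secret, request, user) {
  const payload = Buffer.from(new URLSearchParams({
    nonce: request.nonce,      // echoed back so Discourse can match the login attempt
    external_id: user.uid,     // stable identifier for the account on the login site
    email: user.mail,
    username: user.uid,
  }).toString()).toString('base64');
  const url = new URL(request.returnUrl);
  url.searchParams.set('sso', payload);
  url.searchParams.set('sig', sign(secret, payload));
  return url.toString();
}

// Constructed sample: the request Discourse would send, and the reply to it.
function demo() {
  const secret = 'constructed-shared-secret';
  const sso = Buffer.from(
    'nonce=abc123&return_sso_url=https%3A%2F%2Fforum.example.org%2Fsession%2Fsso_login'
  ).toString('base64');
  const request = verifySsoRequest(secret, sso, sign(secret, sso));
  return buildSsoRedirect(secret, request, { uid: 'derek', mail: 'derek@example.org' });
}
```

The same secret must be set in the Discourse admin SSO settings, and it should be long and random because anyone who knows it can sign a login for any account.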

(Derek) #3

I think I have something of a direction to head in, anyway. I’m looking at writing a plugin (but I don’t know anything about web development) that will add an auth strategy. I’ll update when I get anywhere useful.