I have just started after ages with Kirby 3 and was working on an intranet for tenants of a dormitory. Currently, we are quite advanced and have our own LDAP server with some other services - so everyone is just using one login credential pair and can log in everywhere in every service. Without going that much into details - is it possible to let Kirby also handle users via LDAP? So just accepting basically the entered credentials by calling the LDAP server which then verifies or denies the access?
Does anyone have experience with LDAP and Kirby?
Many thanks!
@texnixe Thanks for your answer. I will try it out and will see if I can even make a plugin out of it. I am quite new to writing a Kirby plugin, but I guess the guides on the Kirby page will help.
I think an LDAP plugin would be wonderful @creichel! Would be nice if you share it. I don’t have a need for it right now but LDAP is so common that there will be a need by someone else any time.
Also: If the Kirby-side is the problem, I will be happy to help creating the plugin. I just have no clue about LDAP and what would be needed to send how to where to authenticate XD
@demlak I have started to write the plugin but got utterly confused about how and when to connect to the LDAP server. It’s not as easy as REST.
Thus I am replicating the necessary accounts now by hand. These aren’t so many but it would be more convenient to make just a button press to do so…
I would be interested to contribute to this plugin. Is there a Github repo or the like?
I have written similar programs in the past using Perl and have some experience with LDAP.
The main question for me is what the design should look like: Should it be possible to just connect and read the directory for authentication and/or authorization of users or should it be possible to manage users in the directory, which means: write back to it?
Thx for your answers.
i started a private conversation with @distantnative and your contributions should go a long. It's amazing to see this community wants to hop on!
since i’m not a coder and LDAP is also new for me, i think, it would be best to discuss in here instead of a private chat.
starting a github repo sounds cool =)
@Adspectus My personal opinion: I think writing back would be too complex of a task for now. I imagine a plugin that uses LDAP for authentication. Pure login.
Second thought then would be to:
- either create Kirby users on the fly the first time a new LDAP user logs in
- try out if LDAP could work as a source for virtual user models
But as I mentioned to @demlak: I have no clue about LDAP - I only think that a solid authentication plugin would be cool to have and am willing to throw in my Kirby expertise.
We would certainly need a test LDAP server for developing such a plugin.
Yes, I agree, writing back would raise complexity. Authentication (and maybe authorization by reading group memberships) should not be a problem. However, I do not know if user groups or roles are used by Kirby - that’s your part
I could set up a Directory Server for this purpose, but probably not in the next days.
Hi there!
After I read this post I started to write a plugin on my own.
Have you already started?
I’m new to Kirby and LDAP, but I like the idea so I just went for it.
It can already log in with the LDAP server, if a user with that email address exists in Kirby.
Has anyone an idea how to overwrite the method where it gets checked, if a user exists?
In the meantime I have set up an LDAP server and fed in some data. I would provide access to this to a group of persons who are willing to contribute. I would suggest @distantnative to create a repo and invite (?) users to contribute and I will share the LDAP info there. Would that be a reasonable way to start?