Interfacing to the lookup directory: Difference between revisions
(Created) |
(Add warning re not republishing lookup data outside the University) |
||
| Line 1: | Line 1: | ||
It's intended that the [http://www.cam.ac.uk/cs/lookup/ lookup directory] will eventually provide a master source of information about people in the University. As such it can already be used to some extent as a way of gathering additional material about people who have been identified by Raven. | It's intended that the [http://www.cam.ac.uk/cs/lookup/ lookup directory] will eventually provide a master source of information about people in the University. As such it can already be used to some extent as a way of gathering additional material about people who have been identified by Raven. | ||
To gather information, for example in a script protected by Raven, the best approach is probably to use the LDAP interface at ldap.lookup.cam.ac.uk. Note that currently only anonymous LDAP access is available (and only from computers connected to the University network) and that individuals are allowed to [http://www.cam.ac.uk/cs/lookup/editing.html suppress] most information about themselves from | To gather information, for example in a script protected by Raven, the best approach is probably to use the LDAP interface at ldap.lookup.cam.ac.uk. Note that currently only anonymous LDAP access is available (and only from computers connected to the University network) and that individuals are allowed to [http://www.cam.ac.uk/cs/lookup/editing.html suppress] most information about themselves from all such accesses. Sites '''must not''' publicise any information extracted from the directory outside the University without the relevant user's consent. | ||
It is in principle possible to make authorization decisions in something like Apache based on information in the directory, such as institution affiliation. The lookup development project intends to provide support for doing this in as easy a way as possible in due course. As far as I ([[User:jw35|jw35]]) am aware, none of the existing Apache LDAP modules are suitable for use in a Raven authentication, LDAP authorization context, but it appears that someone at the University of Michigan [http://www.umich.edu/~umweb/downloads/mod_authz_ldap-NOTES.txt has patched mod_authz_ldap] in a way that looks as if it should work. Stanford University's WebAuth package includes an Apache module which, while designed to work with Stanford WebAuth, might work either directly out-of-the-box or with some adaptation with Raven and lookup. | It is in principle possible to make authorization decisions in something like Apache based on information in the directory, such as institution affiliation. The lookup development project intends to provide support for doing this in as easy a way as possible in due course. As far as I ([[User:jw35|jw35]]) am aware, none of the existing Apache LDAP modules are suitable for use in a Raven authentication, LDAP authorization context, but it appears that someone at the University of Michigan [http://www.umich.edu/~umweb/downloads/mod_authz_ldap-NOTES.txt has patched mod_authz_ldap] in a way that looks as if it should work. Stanford University's WebAuth package includes an Apache module which, while designed to work with Stanford WebAuth, might work either directly out-of-the-box or with some adaptation with Raven and lookup. | ||
Revision as of 09:38, 20 January 2006
It's intended that the lookup directory will eventually provide a master source of information about people in the University. As such it can already be used to some extent as a way of gathering additional material about people who have been identified by Raven.
To gather information, for example in a script protected by Raven, the best approach is probably to use the LDAP interface at ldap.lookup.cam.ac.uk. Note that currently only anonymous LDAP access is available (and only from computers connected to the University network) and that individuals are allowed to suppress most information about themselves from all such accesses. Sites must not publicise any information extracted from the directory outside the University without the relevant user's consent.
It is in principle possible to make authorization decisions in something like Apache based on information in the directory, such as institution affiliation. The lookup development project intends to provide support for doing this in as easy a way as possible in due course. As far as I (jw35) am aware, none of the existing Apache LDAP modules are suitable for use in a Raven authentication, LDAP authorization context, but it appears that someone at the University of Michigan has patched mod_authz_ldap in a way that looks as if it should work. Stanford University's WebAuth package includes an Apache module which, while designed to work with Stanford WebAuth, might work either directly out-of-the-box or with some adaptation with Raven and lookup.
