[icinga-users] LDAP authentication from icinga-web

Marius Hein marius.hein at netways.de
Wed Sep 1 12:45:19 CEST 2010


> Sorry for the list spam, but one more question:
> Do I create an auth.xml or do I add my auth config to an existing xml
> file like icinga.xml? If I add it to an existing XML file, how much do I
> need to include of the parent containers? For example:
> <settings prefix="modules.appkit.auth."

The simplest solution to add your auth configuration to the existing

If you want heavy debugging: Agavi supports XInclude. You can use this
to include new XML files into existing settings xml files (like
app/config/settings.xml, modules.xml, or any other valid agavi places).

You can see this in module.xml config (from AppKit). This file includes
the auth.xml.

> This sits at the top of auth.xml so would it need to be included?

That depends on the scope you include into. If you include into an
already prefixed scope (e.g. modules.appkit), you only need a new
settings directive for e.g. auth.

You can experiment with including XML settings around the application,
but always clean the cache to start fresh (Agavi compiles all settings
together after XInclude).

Regarding your mail about how the auth system works:

At the moment there is no documentation available. The best thing is to
look into app/modules/AppKit/models/Auth/DispatchModel.class.php. This
is the master instance that controls all authentication requests and
distributes them to the configured provider.

I will write a flowchart, but first I will try to use some words to
describe the process:

- 1.0 User tries to login
- 1.1 Yes user is in the system
	- Loading the belonging provider
	- Provider can update (auth_update)
		- Update user profile
	- Provider is 'authoritative'
		- Authenticate against
		- Fail and auth_resume
			- Try other provider in the configured order
				- Iterate to all the others and try only
		- Fail and not auth_resume
	- Provider is not authoritative and auth_resume
		- Try other provider in the configured order
	- Provider is not authoritative
- 1.2 NO user is not available
	- Iterate through all providers
		- Yes user is available on the provider
		- Yes provider can import (auth_import)
			- Import the user profile and goto 1.1

This is already implemented and the dispatcher logs all steps into
app/data/log/debug* log.

Kind Regards,

Marius Hein
Application Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nürnberg
Tel: +49 911 92885-0 | Fax: +49 911 92885-77
GF: Julian Hein | AG Nürnberg HRB18461

http://www.netways.de | marius.hein at netways.de

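The dispatch order described in the message above, as an added Python sketch (not icinga-web's own code and not part of the original post). `Provider`, `dispatch` and the sample users are hypothetical; where the list is cut off or gives no outcome, the sketch assumes that only authoritative providers are tried on resume and that a failure without auth_resume denies the login.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Provider:                      # hypothetical model, not an icinga-web class
    name: str
    users: dict                      # constructed sample data: username -> password
    authoritative: bool = False
    auth_resume: bool = False
    auth_import: bool = False
    auth_update: bool = False

    def check(self, user, password):
        stored = self.users.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

def dispatch(user, password, providers, accounts, log):
    """providers: configured order; accounts: known user -> owning provider name."""
    if user not in accounts:                                   # step 1.2
        source = next((p for p in providers
                       if user in p.users and p.auth_import), None)
        if source is None:
            log.append("deny: unknown user, no importing provider")
            return False
        accounts[user] = source.name
        log.append(f"import from {source.name}")               # then go to 1.1
    owner = next(p for p in providers if p.name == accounts[user])  # step 1.1
    if owner.auth_update:
        log.append(f"update profile from {owner.name}")
    if owner.authoritative and owner.check(user, password):
        log.append(f"allow: {owner.name}")
        return True
    if not owner.auth_resume:
        log.append(f"deny: {owner.name}, no auth_resume")       # assumed outcome
        return False
    for p in providers:                                         # configured order
        # Assumption: only authoritative providers are tried on resume.
        if p is not owner and p.authoritative and p.check(user, password):
            log.append(f"allow: resumed to {p.name}")
            return True
    log.append("deny: all providers failed")
    return False
```

In this model, a password rejected by the owning provider is still accepted when `auth_resume` is set and a later authoritative provider holds a matching credential, so the provider order and the `auth_resume` flag together decide which credential store has the final say.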