• Sign In
  1. Messages

Revisiting the ldap issue with a simple solution

LabKey Support Forum (Inactive)

View Message

view list print
Revisiting the ldap issue with a simple solution Andy Straw  2012-03-14 05:51
Status: Closed
 
I wasn't involved in the original design of this solution, so I don't know if there was a conscious decision to have these new properties in labkey.xml versus elsewhere or not.

Michael: If you're reading this, can you comment?

Obviously, there would be more work to update the LDAP configuration UI to support these additional properties. The UI would be slightly more complicated because there would be two "modes" of data entry: 1) Current mode, where you enter:

  • servers
  • domain
  • template
  • SASL?
2) New mode, where you enter:
  • servers
  • domain
  • ldapSearch username
  • ldapSearch password
  • ldapSearch searchBase
  • SASL?
Note that in the new mode, the "template" property is NOT used.

Being new to LabKey, I don't know how much work it would be to update the UI like this. Looks like it would require additional data members on the LdapController.Config class, additional form elements in the corresponding configure.jsp, and some way to show/hide the form elements appropriate for the chosen mode, and some way to choose the mode. Also, LdapAuthenticationManager.java would need updating, but that would be pretty straightforward - might simplify that class a bit.

Some alternatives for the dealing with the different modes in the UI:

  • The form shows all properties for both modes. Documentation (or text on the page) tells users which fields are required for which mode. We infer the mode by seeing if any of ldapSearch fields are filled in. Simple to implement, but probably the most confusing UI for users.
  • Change the template from a text field to a drop-down list with three choices: ${uid}, ${email}, ${emailSearch}. The choice in this drop-down determines the mode (first two are current mode, last one is new mode), as well as driving which form elements are shown/hidden. This requires some JavaScript to dynamically show/hide form elements. It also means the value for template is constrained to the values in the drop-down list, not whatever the user wants to enter - not sure if that's okay.
Let me know what you all think about this. Thanks.

Andy