How to configure for delegated authentication

Hello,

I have a service (git, via gitolite) that I'd like to make available to
users. The problem is that we have about 4k users and I'd like not to
have to create and synchronize local accounts on the box for each one.

I'm currently having two issues:

1) The best way for me to do this would be to perform what's often
called "delegated authentication" against LDAP. Instead of going to LDAP
to look up the user credentials, I need to test the given user
credentials by doing a bind against LDAP with those given credentials
(or even better, with a given binddn/bindpw but then do a rebind, I
think it's called, with the given user credentials -- it's what many web
apps do). Our LDAP server itself goes to a third party to validate
credentials, so the LDAP server does not have password information,
which is why I need to do authentication based upon bind results. I'm not
sure how I can do this, or if I can do this... I'm happy to try to help
implement it if needed, but I'd probably need some hand-holding.

2) I would need to return a particular shell for the user in order to
continue with the git functionality. From the earlier nss_ldap I should
have been able to use the nss_override_attribute_value command, but from
the current sources it looks like that's been removed...?

Thanks,
Jeff
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
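
The nslcd.conf fragment below is an added example, not part of the post above and not taken from the nss-pam-ldapd documentation; the host name, base DN, service account, group DN and shell path are assumptions. It addresses both questions in the post: nslcd never reads userPassword. For a PAM authentication request it first looks up the user's DN with the configured binddn/bindpw and then performs a simple bind as that DN with the password the user typed, so the LDAP server (and whatever it delegates to) is what accepts or rejects the credentials. The loginShell value is overridden with the map option, which takes a quoted expression.

```conf
# /etc/nslcd.conf (added example; values below are assumptions)
# This file holds bindpw, so it must be readable by root only (mode 0600).

uri ldaps://ldap.example.com/
base dc=example,dc=com
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# Service account used only for lookups: NSS queries and resolving the
# user's DN before the authentication bind. It needs no password access.
binddn cn=nslcd,ou=services,dc=example,dc=com
bindpw change-me

# Do not let LDAP define system accounts; local root/daemon UIDs stay local.
nss_min_uid 1000
filter passwd (objectClass=posixAccount)

# Question 2: force a single shell for every LDAP user on this box.
# The map option replaces nss_ldap's nss_override_attribute_value; the
# quoted value is an expression, so a constant string is accepted.
map passwd loginShell "/usr/bin/git-shell"

# Question 1, second half: after the bind as the user succeeds, restrict
# who may actually log in here. $username is expanded by nslcd.
pam_authz_search (&(objectClass=posixAccount)(uid=$username)(memberOf=cn=git-users,ou=groups,dc=example,dc=com))
```

On the PAM side, pam_ldap.so from nss-pam-ldapd is placed in the auth and account stacks of the sshd service; no local password entry is needed because the password check is the bind itself. One caveat when authentication is a bind result: RFC 4513 treats a simple bind with a DN and an empty password as an unauthenticated bind, which some servers accept. Make sure the LDAP server rejects unauthenticated binds, and never forward an empty password as a credential, otherwise a blank password would "succeed". If the fallback form is preferred over a constant, `"${loginShell:-/usr/bin/git-shell}"` keeps a shell set in the directory and substitutes the default only when the attribute is absent.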