Fossil

View Ticket
Login

View Ticket

Ticket Hash: ec667f74f803490786abc4442553ca8befeac61a
Title: LDAP authentication and authorization support
Status: Closed Type: Feature_Request
Severity: Important Priority:
Subsystem: Resolution: Wont_Fix
Last Modified: 2024-01-29 06:34:28
Version Found In: Fossil-076f7adff2
Description:
Fossil is good, so I am thinking of promoting Fossil in work place which use LDAP/AD for account login authentication and authorization. Please implement this feature.

tj yang


anonymous added on 2010-11-05 17:17:02:
The easiest way to do this probably is to let the web server handle the LDAP via HTTP Basic Auth (secure enough when sent over SSL) and have Fossil merely pick up the login name from the CGI and use it as logged in user from there.

Support for HTTP Basic Auth would also be needed for Fossil's own network support (i.e. when the client talks to the server).


anonymous added on 2010-11-08 14:47:28:
Also see discussion in this thread.

Fossil already supports REMOTE_USER when running as CGI, which means it can be set up to pick up the user name (for existing users only) from the webserver, which can be set up to handle LDAP or any other authentication. Problems here are that the fossil client doesn't support basic or digest authentication, which means it can't talk to a fossil server behind LDAP (or any other external authentication scheme) at the moment.