RFC: Detaching user name from email, LDAP and Single-Signon
Erik Stambaugh
erik-bug at dasbistro.com
Tue Apr 13 22:26:36 UTC 2004
(by the way, hello again everybody!)
On Tue, Apr 13, 2004 at 10:14:33PM +0100, Gervase Markham wrote:
> Christian Robottom Reis wrote:
> >This field name is something like "other_id" or "external_auth_id"? So
> >the "external" authentication mechanism can use it to map the external
> >id to a Bugzilla id?
> >
> >Somehow I think this fits in another table, separate from profiles, but
> >perhaps I'm being impractical.
>
> Well... either everyone has one, or no-one has one. In the common case,
> no-one has one. So you could argue that an external table would be best.
I have a working model of the environment variable authentication Joel
mentioned, and I was about to attempt arguing against putting the
external ID in another table when something occurred to me.
Our test Bugzilla authenticates in one of three ways. Either the user
gets authenticated externally, with everything including the unique
identifier in the environment, or they can be authenticated without a
unique identifier (not desired but unfortunately possible), or if the
external auth system goes down or supplies nothing, it has a fallback
where it uses the standard Bugzilla CGI authentication.
What that means is, actually, some users have unique identifiers and
some don't. The ones who do not have unique identifiers simply do not
have the benefit of their name and email address automatically
changing.
But what occurred to me is that someone else using this feature may
decide they want to use yet another authentication method on top of
this, NIS for example. We could then need another type of ID string.
So, yeah, I think this should go into another table, with the string
itself and the auth method with which it's associated.
--
Erik Stambaugh - erik at dasbistro.com - http://www.dasbistro.com/~erik/
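
The table proposed above, as an added example that is not part of the original post or of Bugzilla's code: each external ID is stored with the auth method it belongs to, and a user with a stable ID has their name and email follow the external system. The table and column names, the `resolve_user` helper, the email match on first sighting and the sample values are all assumptions; the CGI fallback case is not modelled.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not Bugzilla's.
SCHEMA = """
CREATE TABLE profiles (
    userid     INTEGER PRIMARY KEY,
    login_name TEXT NOT NULL UNIQUE,
    realname   TEXT NOT NULL DEFAULT ''
);
CREATE TABLE external_ids (
    auth_method TEXT NOT NULL,
    external_id TEXT NOT NULL,
    userid      INTEGER NOT NULL REFERENCES profiles(userid),
    PRIMARY KEY (auth_method, external_id),
    UNIQUE (auth_method, userid)  -- one ID per method per account
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def resolve_user(db, auth_method, external_id, email, realname):
    """Map an externally authenticated identity to a local userid."""
    if external_id:
        row = db.execute(
            "SELECT userid FROM external_ids WHERE auth_method=? AND external_id=?",
            (auth_method, external_id)).fetchone()
        if row:
            # Known stable ID: name and email follow the external system.
            db.execute("UPDATE profiles SET login_name=?, realname=? WHERE userid=?",
                       (email, realname, row[0]))
            return row[0]
    # No stable ID, or first sighting of this ID: match on email (assumption).
    row = db.execute(
        "SELECT userid FROM profiles WHERE login_name=?", (email,)).fetchone()
    if row:
        userid = row[0]
    else:
        userid = db.execute(
            "INSERT INTO profiles (login_name, realname) VALUES (?, ?)",
            (email, realname)).lastrowid
    if external_id:
        # Raises sqlite3.IntegrityError if this account already has a
        # different ID for the same method, instead of silently rebinding.
        db.execute("INSERT INTO external_ids VALUES (?, ?, ?)",
                   (auth_method, external_id, userid))
    return userid
```

The `UNIQUE (auth_method, userid)` constraint means a second, different ID from the same method cannot attach itself to an existing account just by presenting that account's email address.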