Hi, On 2014-09-04 at 10:46:12 [+0200], Andrew Lindesay <apl@xxxxxxxxxxxxxx> wrote: > > I'm having the same line of thought actually. Presumably this > application would need to write to LDAP anyway so maybe a first step > would be to get that part working and for now use LDAP authentication as > well. This way the parts are put in place to then later extend with > OpenID; giving a bit more time to investigate those possible > projects/products that Richard has recently mentioned. I may be wrong, but I think that LDAP alone will just work as a storage backend for the users and their passwords, but it won't provide single-sign-on. As a result, one would still have to login to every haiku site. On top of that the Crowd SSO product claims to support aliases for users, such that users that have different usernames for Trac and Drupal would still have to login only once. And of course openLDAP doesn't have a decent interface, so the administrative management of the users would require another tool. If someone can recommend a decent LDAP frontend, please share ... cheers, Oliver P.S.: I believe migrating authentication data to LDAP should be quite simple (using a perl or python script), provided that the password storage format is compatible. Andrew: which format is used for storing the passwords in the haikudepotserver-DB? cheers, Oliver