Version 2 (modified by davea, 11 years ago)

LDAP support

model

an account can optionally have an "external authorizer" (EA), described by

authorizer type (LDAP, OpenAuth?)

authorizer URL

authorizer account ID

if user creates account using EA, they shouldn't be aware of a separate BOINC account

if an account has an EA, user can remove it (after which they have to log in with password)

if an account doesn't have an EA, user can add it

web login

login form has "log in with LDAP" link

handler:

    authorize account w/ LDAP server
    get back email, ID
    if acct w/ that email exists
        if authorizer info matches, OK
        else show error
            "a PROJECT account with that email address exists, but isn't configured to log in with LDAP. Please log in using email and PROJECT password."
    else
        create account

if
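The handler's decision logic sketched above, as an added example (not BOINC code). The in-memory `accounts` dict, the `handle_ldap_login` name and the lowercased-email key are assumptions, and the LDAP authentication itself is taken to have already succeeded.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ExternalAuthorizer:          # the three EA fields from the model
    type: str                      # "LDAP" here
    url: str                       # authorizer URL
    account_id: str                # authorizer account ID

@dataclass
class Account:
    email: str
    ea: Optional[ExternalAuthorizer] = None   # None: password login only

NOT_LDAP_MSG = ("a PROJECT account with that email address exists, but isn't "
                "configured to log in with LDAP. Please log in using email "
                "and PROJECT password.")

def handle_ldap_login(accounts, ldap_url, email, ldap_id):
    """Run after the LDAP server has authenticated the user and returned
    (email, ldap_id). `accounts` is a hypothetical dict keyed by email."""
    claimed = ExternalAuthorizer("LDAP", ldap_url, ldap_id)
    key = email.strip().lower()    # assumption: emails compared case-insensitively
    acct = accounts.get(key)
    if acct is None:
        # no account with that email: create one bound to this authorizer
        acct = accounts[key] = Account(key, claimed)
        return "created", acct
    if acct.ea == claimed:
        return "ok", acct
    # Email match alone is not enough: a password-only account, or one bound
    # to a different authorizer URL or ID, must not be opened by this login.
    return "error", NOT_LDAP_MSG

if __name__ == "__main__":
    # constructed sample data
    accounts = {"alice@example.org": Account("alice@example.org")}
    url = "ldap://ldap.example.org"
    print(handle_ldap_login(accounts, url, "bob@example.org", "uid=bob")[0])
    print(handle_ldap_login(accounts, url, "bob@example.org", "uid=bob")[0])
    print(handle_ldap_login(accounts, url, "alice@example.org", "uid=alice")[0])
```
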

database

Projects can support LDAP; this is exported in get_project_config.php

client attach

current:

do either lookup_account or create_account w/ email, passwd

create account as needed

new:

GUI, attach form:

"login with LDAP" checkbox

LDAP name, password fields