Okay – this is bugging me.
The scenario is as follows: I have an OpenLDAP directory with several hundred users in it. For the records I’m using the normal inetorgperson schema.
I want to add an openid attribute for my users (in a responsible and proper way) so that I can associate users with multiple arbitrary external OpenID providers.
All I’ve managed to find on the net about this was a blog at Oracle discussing how this is an issue and how it would be a really good idea to do something about it.
I’m all at sea – how on earth am I supposed to do this? Do I create a new subclass of inetorgperson and migrate everyone on to it? Can I do this without breaking everything? Do I hackily use the “labeledURI” attribute and just shove things in there?
Come on lazyweb!
Give JanRain’s RPX a try: http://rpxnow.com/get
There is a free version for smaller applications that might be a good fit for you. It can integrate with existing registration systems.
It is fairly common practice to use additional object classes to provide the additional attributes necessary for an institution. Particularly common in US higher education is eduPerson. Additionally, SCHAC seemed to have some adoption in Europe. In any event, LDAP entries can most certainly have multiple object classes. I’m not aware of any published object classes that define an OpenID attribute, but it might be worth a quick search. If not, I would recommend creating a simple local “person” object class that defines whatever additional attributes you need (like OpenID). OpenLDAP documentation should outline how to install and make use of such custom object classes.
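The local auxiliary class suggested in the comment above, sketched for OpenLDAP's cn=config backend as an added example (not from the original post or any commenter). The names `localOpenID` and `localOpenIDPerson`, the OID arc, and the sample entry are assumptions; the matching rule and syntax mirror those of labeledURI, and the attribute is left multi-valued so one user can hold identifiers from several providers.

```ldif
# Step 1: schema definition, loaded into cn=config, e.g.
#   ldapadd -Y EXTERNAL -H ldapi:/// -f openid-schema.ldif
# 1.3.6.1.4.1.99999 is a PLACEHOLDER arc. Replace it with an OID under
# your own IANA-assigned enterprise number before loading.
# Attribute and class names are hypothetical local names.
dn: cn=localopenid,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: localopenid
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'localOpenID'
  DESC 'OpenID identifier URL claimed by this entry'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'localOpenIDPerson'
  DESC 'Auxiliary class carrying OpenID identifiers'
  SUP top AUXILIARY
  MAY localOpenID )

# Step 2: a separate ldapmodify run, bound as a directory administrator.
# The auxiliary class is added alongside inetOrgPerson, so the entry's
# structural class does not change and nothing is migrated.
# The DN and URLs below are constructed sample values.
dn: uid=jdoe,ou=people,dc=example,dc=org
changetype: modify
add: objectClass
objectClass: localOpenIDPerson
-
add: localOpenID
localOpenID: https://jdoe.example.net/
localOpenID: https://openid.example.com/jdoe
```

Whatever attribute ends up holding the identifier, an application that trusts it to map an external OpenID to a local account is only as safe as the ACL on that attribute, so write access should be limited to the process that has verified the user controls the URL.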
Why not use labeledURI? Is it that much of a hack? An OpenID is supposed to be a URL associated with a person, after all. Using, say, eduPersonEntitlement, now that would be a hack.
And lo there are three radically different solutions!
@miles yes – labeledURI would be the least painful hack I can think of and is likely what I’ll actually do.
@brian I looked at RPX briefly the other week and it would potentially hit a lot of my needs. I’m going to have a bash with it on some of my more experimental sites and see how it fares.
@will the lack of published classes defining openid (and I had a bit of a look) was exactly why I wrote this post! Thanks for the pointer on custom objects, I’ll take a look at the docs. Still on balance I think an official published class would be oh-so-sensible.
Many thanks folks. Expect another post/update when I’ve got something working.