Forum

I know that you've previously declined implementing support for user authentication via LDAP. As I really love Hiawatha, but still have a use cases where (good) LDAP support is required, would it be possible to offer some sort of API for which third-party developers can write authentication plugins? As an example, I do have both use cases where rather complex LDAP queries get send to the LDAP server (using a dedicated bind DN), and use cases where it is sufficient to use the credentials provided by the user as bind DN to simply verify if the credentials are valid at all.

LDAP authentication support is simply too much work for a webserver that is being used by only a few people. If you want to add it yourself, src/httpauth.c is where you need to make changes.

Another reason for me to no implement it, is because when I add LDAP support, the next person will ask for MySQL support, the next for PostgreSQL support and before I know it, Hiawatha will be as bloated as Apache. My advice is to put the LDAP authentication support where it belongs: in the web application.

That is the exact reason why I've asked if you could imagine simply offering some sort of authentication API, enabling users to write/use their own authentication plugin while still being able to use their distro's stock Hiawatha package (which would have the benefit of enabling users to use features like "unattended upgrades"/"automatic security updates" while still being able to use their custom authentication backend.

Use cases might include things like download sites, where it would be preferable to be able to have the webserver serve the static download files instead of having to shove the whole download through a CGI just to be able to have LDAP/MySQL/PAM/whatever authentication.