Ian, the solution to your problem may be to consolidate the other points of authentication, if not actually, than using something like an LDAP proxy:<br><div style="margin-left: 40px;"><a href="http://symlabs.com/products/ldap-proxy">http://symlabs.com/products/ldap-proxy</a><br>
</div><br>In my estimation, Koha will not be becoming an LDAP server anytime soon (probably never). LDAP is a flexible, extensible protocol with widely varying implementations and expectations in the wild. A robust implementation has to handle all kinds of things that Koha has never dealt with, like SSL encryption, certificate authentication, system expectations about the local certificate(s), LDIF file format, X.500 data, etc. Take your pick of RFCs: 1487, 2252, 1823, 1789, 1777... actually, too many to list. Try <a href="http://www.bind9.net/rfc-ldap">here</a>.<br>
<br>Even directly copying from Apache's LDAP code, implementation would still take hundreds of manhours at a minimum, including a great deal of testing. Of course the Apache code was not written in perl anyway. It is safe to say that this would be larger than <b>any</b> other Koha project currently commissioned or proposed. And have you looked at our Auth.pm code lately? We have enough trouble keeping that clean without introducing layers of added complexity.<br>
<br>Melanie, to answer the original question, existing hardware and software use the SIP2 protocol to authenticate patrons, which Koha implements well. This is the "correct" existing mechanism to use, though I'd assume there is no Joomla module for SIP. That shouldn't be a huge deal, since SIP is fairly easy to hack and you would only need to use one command, and interpret one response. By contrast to the burden of reimplementation an LDAP server, an experienced Joomla coder could probably produce the SIP Auth script in one afternoon.<br clear="all">
<br>-- <br>Joe Atzberger<br>LibLime - Open Source Library Solutions<br>