Can Plesk work with LDAP, Shibboleth, and/or CAS?

[jerrac]

Specifically, can I set up Plesk to authenticate users via my organizations LDAP server? What about CAS or Shibboleth?

I got the impression that I might be able to code something to do that. A plugin or module. How hard is that, and where would I find information on how to do it?

What about provisioning? Can I tell Plesk to automatically provision a bunch of Plesk web users for users.organization.tld/username?

 

[IgorG]

LDAP, CAS or Shibboleth authentication is not supported by Plesk.

 

[jerrac]

LDAP, CAS or Shibboleth authentication is not supported by Plesk.

There any way I could write an extension that would make it work?

 

[IgorG]

There any way I could write an extension that would make it work?

It was discussed here long time ago - http://forum.parallels.com/showthread.php?46728

 

[jerrac]

So, Plesk hasn't added any api or extensiblity in the 9 years since that topic was started? I found that topic when I was searching, but thought that something should have changed by now... I guess not.

Do you know if Plesk has any plans to add support for LDAP, CAS, or Shib? SSO support is pretty important for enterprise products. My college is working on getting it set up, with the intention that we won't use any/many products that don't support either SSO or LDAP.

'Course, maybe the use case I have is just an odd one. Oh well.

 

[EugeneKazakov]

Thank you for the request.
I see the problem is important and we will research on the extension development as soon as we can.

By the way Plesk SDK was significantly improved in 11.0 version (docs). We did not consider the idea of LDAP integration, but we should.
Plesk already has SSO integration: docs. But it could be hard to implement such extension.

 

[jerrac]

Ah, a quick glance at the sso docs you linked to show some stuff about SAML. Which means Plesk could be made to talk to Shibboleth. Nice. Now if only we had our Shibboleth instance set up, instead just in the planning stages...

Looking at the other docs lead me to the API RPC. I haven't read it in detail yet, but it looks like that would let me run Plesk operations by sending Plesk an xml file. Right? So, presumably, I could create a webspace for blah.lanecc.edu, then send xml files to Plesk when I want to add a new web user. Then I'd just have to figure out how to link that web user account to their LDAP or Shib account for authentication. (Assuming I've figured out the authentication to LDAP or SSO stuff...) So, is that possible with the SDK?

 

[jerrac]

Now that version 12 is out, are there any changes that would help get ldap/cas/shib/saml auth working?

I did find, http://ext.plesk.com/packages/c29ddd7c-cccc-4588-84c8-ac95ee559e69-ldap-auth but looking at the code, it's 12 only, and doesn't allow ldaps://. And I'm not sure it would work with Novell eDir...

So, ignoring those issues, if I had v12, and installed that extension, what would I get? Would it let users use their ldap accounts for ftp access and web ui access? Or what?

 

[EugeneKazakov]

Now that version 12 is out, are there any changes that would help get ldap/cas/shib/saml auth working?

I did find, http://ext.plesk.com/packages/c29ddd7c-cccc-4588-84c8-ac95ee559e69-ldap-auth but looking at the code, it's 12 only, and doesn't allow ldaps://. And I'm not sure it would work with Novell eDir...

So, ignoring those issues, if I had v12, and installed that extension, what would I get? Would it let users use their ldap accounts for ftp access and web ui access? Or what?

Yes, the authentication method was introduced in Plesk 12 SDK, it provides an ability to check Panel credentials bypass common machinery and use anything you'd like.
The extension is just an example of usage: we could not imagine all suitable cases. It is suggested to take the extension and implement an authentication you need.

About ftp access, you could use proftpd modules for this case.