LDAP Authentication
I currently host a virtual airline (which is essentially a clan for Flight Simulator addicts) that is currently rolling out a bunch of services for our members. One feature we are interested in is "private voice communications" and we are taking a peek at TS and Ventrilo.
We have made an architectural decision to use LDAP for authentication purposes; our web server does so, and existing software packages use this mechanism as well. We do not wish to change this, nor do we wish to duplicate our existing credentials data in MySQL or another relational database.
Are there plans for TS2 to support authentication against an LDAP back-end?
Cheers!
Luke
No, there aren't because TS2 development has been stopped in favour of TS3.
I don't know if TS3 will have LDAP support.
I don't know if TS3 will have LDAP support.
Anyone got any details on this?
Cheers!
Luke
Anyone got any details on this?
Nope, nobody has details on it.
caribehost
14-02-2005, 16:56
For some reason the developer team doesn't wish to release any details. So they will hit us by surprise, and we will have to rush to make sure everything works. Way to go guys! :mad:
For some reason the developer team doesn't wish to release any details. So they will hit us by surprise, and we will have to rush to make sure everything works. Way to go guys!
There will be plenty of time for you to "make sure everything works". There will be a closed beta, and an open beta before we release TS3... plenty of time.
Well with a bit of scripting work LDAP support is possible as with almost every Application that stores Data in cleartext ;)
So you export from the LDAP Directory and import into the TS Database which then should ideally run on MySQL. There should not be any problems with formatting the data as it is pretty straightforward in the TS-MySQL DB.
I haven't tried it with TS but with another Application this way as there was no native LDAP support and it worked... however this is just an idea ;)
I too think LDAP (Active Directory or NDS) would be a good option for authentication. Although you can probably make some sort of extract update of the TS data from the LDAP security provider, as someone else said, direct integration would be more valuable. For example you would then be able to use security groups from the LDAP system to allow access to the TS server or even access to various 'chat rooms' on the TS server or what an individual could do in a room like Channel Admin. This would be more complicated because the TS client would have to be able to make updates to the various security groups in the LDAP provider when, for example, the TS server admin grants a user Channel Admin rights from within the TS client.
RC
For some reason the developer team doesn't wish to release any details. So they will hit us by surprise, and we will have to rush to make sure everything works. Way to go guys! :mad:
NEWS:
As posted in the German part of the forum: "The main feature of Teamspeak 3 will be a new background colour"
:D
Well with a bit of scripting work LDAP support is possible as with almost every Application that stores Data in cleartext ;)
You assume my LDAP server stores data in cleartext. ;)
So you export from the LDAP Directory and import into the TS Database which then should ideally run on MySQL. There should not be any problems with formatting the data as it is pretty straightforward in the TS-MySQL DB.
Even if we got around the non-cleartext issue, I explicitly do NOT want to do a data sync in order to have TS authentication working. I have a perfectly good authentication source that two different application servers and our custom apps use, and I'd like to keep using that.
At the risk of making an unfair characterization, cleartext storage of user IDs and passwords in a database is so.... juvenile. LDAP is a pretty standard form of industrial strength distributed authentication and directory management.
Thanks everyone - it sure would be nice to get some sort of a heads-up from the dev team as to if TS3 would support LDAP for user authentication and group membership.
Cheers!
Luke
You assume my LDAP server stores data in cleartext. ;)
God no! TeamSpeak does when you use MySQL.
Even if we got around the non-cleartext issue, I explicitly do NOT want to do a data sync in order to have TS authentication working. I have a perfectly good authentication source that two different application servers and our custom apps use, and I'd like to keep using that.
I guess the only way to do it is to export your LDAP Data and import it into MySQL (of course this implies that you are using MySQL for TS). However I guess there is no way around using cleartext at the moment.
Nevertheless I think with some scripting knowledge you should get it to work.
ScratchMonkey
01-03-2005, 15:24
Ideally TS3 should follow the model of other systems using authentication and configuration and store that data using a plugin back-end. Many Linux systems use PAM (pluggable authentication modules) for this.
Note that TS is both a producer and consumer of this information, so a simple-minded synchronization between systems (eg. MySQL and LDAP) won't work, because both sides might write conflicting data to their copies and the copy process would lose information. You also need a way to trigger the copy, so the data doesn't get stale and so that you don't need to poll the other database (expensive) for changes.
Ideally TS3 should follow the model of other systems using authentication and configuration and store that data using a plugin back-end. Many Linux systems use PAM (pluggable authentication modules) for this.
Absolutely! It'd be wonderful to be able to point the server against an arbitrary back-end authentication source, whether it be a text file, ODBC data source or LDAP server.
Note that TS is both a producer and consumer of this information, so a simple-minded synchronization between systems
Yes; that's why I like to stay away from synchronization schemes, even if I could use them (I can't since our LDAP server hashes the password and I cannot extract it). To be honest, I'd probably be happiest if I could control whether TeamSpeak could update the LDAP registry data, but I don't necessarily think TeamSpeak needs to be written to control this. Typically, when authenticating the TS server would do an LDAP BIND using the supplied credentials. When updating/writing LDAP data, the TS server could use its own credentials. If I wanted to control LDAP updates I'd just not give the TS server write permissions to the directory.
Are you considering adding LDAP support to TS3?
Cheers!
Luke
ScratchMonkey
04-03-2005, 16:42
It would be more useful to know what persistence the TS3 client and server needs, and abstract that as an API set.
We can already guess a lot of it by looking at the SQL table definitions in TS2.
Since TS3 is being implemented in C/C++, I'd recommend defining a set of C function signatures for access to the data in the present tables. Figure out where LDAP needs more stuff than MySQL and sqlite.
Consider also the case where the system might use multiple persistence engines. Most likely the back end should provide an abstract handle and dispatch the requests to potentially several storage systems. One might store the channel definitions in MySQL but store the users in LDAP. Only the persistence back end needs to know this.
You'll need to define notification callbacks so that changes in the persistence layer from other sources (eg. web-based managers) can be promptly communicated to the TS3 packages.
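An added sketch, not code from any poster or from TeamSpeak, of the design discussed in the two posts above: a persistence layer that routes each kind of data to its own back end, authenticates bind-style so the server never reads a stored password, leaves write control to the store's own permissions, and reports changes through a callback. Every identifier, the sample user and the password are constructed for illustration.

```c
#include <string.h>

/* Hypothetical persistence API; none of these names are TeamSpeak's. */
enum ts_domain { TS_USERS, TS_CHANNELS, TS_DOMAIN_COUNT };
typedef void (*ts_change_cb)(enum ts_domain d, const char *key);
struct ts_backend {
    /* Bind-style check: the store verifies the password itself, so the
       server never reads a password or hash. Returns 1 if accepted. */
    int (*authenticate)(const char *user, const char *password);
    /* Returns 0 on success, -1 if the store refuses the write. */
    int (*write)(const char *key, const char *value);
};
static const struct ts_backend *route[TS_DOMAIN_COUNT];
static ts_change_cb on_change;
static int changes_seen;

int ts_authenticate(const char *user, const char *password) {
    const struct ts_backend *b = route[TS_USERS];
    /* An LDAP simple bind with an empty password is an unauthenticated
       bind that many servers accept, so reject it before delegating. */
    if (!b || !b->authenticate || !user || !password || !*user || !*password) return 0;
    return b->authenticate(user, password);
}

int ts_write(enum ts_domain d, const char *key, const char *value) {
    const struct ts_backend *b = (unsigned)d < TS_DOMAIN_COUNT ? route[d] : NULL;
    if (!b || !b->write || b->write(key, value) != 0) return -1;
    if (on_change) on_change(d, key);   /* tell the server its copy is stale */
    return 0;
}

/* Constructed stand-ins for a directory and an SQL store. */
static int dir_auth(const char *u, const char *p) {
    return strcmp(u, "luke") == 0 && strcmp(p, "s3cret") == 0;
}
static int dir_write(const char *k, const char *v) {
    (void)k; (void)v; return -1;  /* service account has no write permission */
}
static int sql_write(const char *k, const char *v) { (void)k; (void)v; return 0; }
static void count_change(enum ts_domain d, const char *key) { (void)d; (void)key; changes_seen++; }
static const struct ts_backend directory = { dir_auth, dir_write };
static const struct ts_backend sql = { NULL, sql_write };

void ts_demo_setup(void) {
    route[TS_USERS] = &directory;     /* users live in the directory */
    route[TS_CHANNELS] = &sql;        /* channel definitions live in SQL */
    on_change = count_change; changes_seen = 0;
}
int main(void) { ts_demo_setup(); return ts_authenticate("luke", "s3cret") ? 0 : 1; }
```

Only the routing table knows which store holds which data; a refused directory write surfaces as -1 and fires no change notification.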
It would be more useful to know what persistence the TS3 client and server needs, and abstract that as an API set.
Certainly. Again, is this on the radar, as in beyond our own musings here?
Cheers!
Luke