Console-level LDAP authentication can be achieved with PAM and NSS. On Debian, both are easy to configure with the following commands:
apt-get install libpam-ldap libnss-ldap # will install the required tools
dpkg-reconfigure libpam-ldap # configures ldap access for PAM
dpkg-reconfigure libnss-ldap # configures ldap access for NSS
The IT service department of the TU provides several ways to authenticate a student externally for a third-party application. Refer to http://www.zid.tuwien.ac.at/sts/dateninfrastruktur/authentifizierungsser... for full information. In short, one way is to query the authentication server via an HTTPS URL request. If the request refers to an already registered TU student, the authentication server responds with the unique userID of the student. To get the full username and email address, a second query has to be sent to the TU LDAP server.

So much for the authentication service. The question now is how to integrate the authentication process into the Drupal-based Techscreen framework. Drupal is a powerful web framework based on the programming language PHP and the database management system MySQL. It provides core functionality that can be customized to our specific needs. Customization and additional functionality are brought in by modules (the programmer side) and templates (the visual designer side).

The login block of Drupal is an HTML form element. Through so-called module hooks, it is possible to influence the rendering process of the login block. For details on changing the form, see http://www.lullabot.com/articles/modifying-forms-5-and-6. That means we have to change the form elements to our specific values, e.g. the action attribute, which has to point to the TU authentication server.

After submitting the form, we wait for the response of the authentication service. The authentication server redirects its response to a URL that we have configured beforehand, so we have to implement a PHP script that catches and evaluates the response. If the user has been successfully authenticated, the PHP authentication script checks whether the user is already a member of Techscreen. If so, the user is logged in; otherwise the user is first registered automatically and then logged in.
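
The integration described above, written as a Drupal 6 module; this is an added illustration, not Techscreen's own code. The module name tuauth, the placeholder server URL, the uid/ts/sig response parameters, the tuauth_secret variable and the HMAC check are assumptions, because the page does not say how the authentication server's response is protected; the LDAP lookup for name and email is left out.

```php
<?php
// tuauth.module for Drupal 6 (added illustration; names, URL, parameters and HMAC scheme are hypothetical).

/** Implementation of hook_form_alter(): point the login block at the auth server. */
function tuauth_form_alter(&$form, $form_state, $form_id) {
  if ($form_id == 'user_login_block') {
    $form['#action'] = 'https://auth.example.invalid/login'; // placeholder URL
  }
}

/** Implementation of hook_menu(): the URL the auth server redirects back to. */
function tuauth_menu() {
  $items['tuauth/callback'] = array(
    'page callback' => 'tuauth_callback',
    'access callback' => TRUE, // must be reachable by anonymous visitors
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/** Accept only a well-formed, fresh response signed with the shared secret. */
function tuauth_response_is_valid($uid, $ts, $sig, $secret, $now) {
  if ($secret === '' || !is_string($uid) || !is_string($ts) || !is_string($sig)
      || !preg_match('/\A[A-Za-z0-9]{1,32}\z/', $uid)
      || !preg_match('/\A[0-9]{1,12}\z/', $ts)
      || abs($now - (int) $ts) > 300) {
    return FALSE; // missing secret, malformed field, or stale timestamp
  }
  // hash_equals() (PHP 5.6+) compares in constant time.
  return hash_equals(hash_hmac('sha256', $uid . '|' . $ts, $secret), $sig);
}

/** Page callback: evaluate the response, register if needed, then log in. */
function tuauth_callback() {
  $get = $_GET + array('uid' => '', 'ts' => '', 'sig' => '');
  $secret = variable_get('tuauth_secret', ''); // hypothetical variable name
  if (!tuauth_response_is_valid($get['uid'], $get['ts'], $get['sig'], $secret, time())) {
    watchdog('tuauth', 'Rejected authentication response.', array(), WATCHDOG_WARNING);
    return drupal_access_denied();
  }
  $account = user_load(array('name' => $get['uid']));
  if ($account && !$account->status) {
    return drupal_access_denied(); // blocked accounts stay blocked
  }
  user_external_login_register($get['uid'], 'tuauth'); // loads or creates the account
  $edit = array();
  user_authenticate_finalize($edit); // records the login, regenerates the session
  drupal_goto('<front>');
}
```

The callback is reachable by anyone, so the account is only touched after the response has been verified; the 300-second window bounds reuse of a captured redirect but does not prevent it.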