Lemon LDAP::NG, Villeurbanne’s authentication system choice

The city of Villeurbanne (France) is interested in open source technologies and has chosen Lemon LDAP::NG to control its users’ access rights.

The city of Villeurbanne had many web applications where the authentication was already delegated to a central CAS server (Central Authentication Services), modified to Villeurbanne’s needs, to give access to current internal users in the Active Directory as well as to external users stored in a database.
By adding new applications to the city’s information system (IS), it became necessary for the IS managers required the need to control access rights in order to ensure that certain users will not access confidential information.

A solution proven to respond to the «unique authentication» issues of the city of Villeurbanne

Having searched for an appropriate authentication system and having consulted experts about different possibilities and the pros and cons of different systems, the town’IS makers’ decision was drawn to LemonLDAP::NG as a unique authentication system.
LemonLDAP::NG is a unique authentication software identity manager distributed under the GPL license and adapted to companies (centralized authorization management, interoperability with all the identity exchange protocols such as CAS, OpenID, Connect, SAML,…). With a very simple installation process, the configuration can be done in text or graphic mode. LemonLDAP::NG is generally compatible with a number of web applications.
«Within the scopeof this Intranet project, composed of open-source bricks, we were looking for a unique authentication tool which allows to assign access rights based on active directory account characteristics, explains Jean-Patrick Trauet, Tehchnical and Security Manager. After analyzing different solutions, we chose Lemon::LDAP which responded perfectly to our needs.
It also became an opportunity to create an authentication portal for our web applications. In the future, we envision to evolve our Lemon::LDPA towards strong authentication.»

«After analysis different solutions, we chose Lemon::LDAP which responded perfectly to our needs. It also became an opportunity to create an authentication portal for our web applications»
Jean-Patrick Trauet, Technical and Security Manager

A project lead by Savoir-faire Linux
The city of Villeurbanne asked Savoir-faire Linux to accompany them in the implementation of LemonLDAP::NG.To help them more effectively, we had to break the project down into several phases.

• The implementation of an OpenLDAP directory to replace the referential external identity database
• The creation of connectors to automatically synchronize the accounts and Active Directory groups in the OpenLDAP directory
• The management of group rights in OpenLDAP associating internal and external users
• The implementation of LemonLDAP::NG as a CAS server to replace the old system and personalize the authentication pattern
• The migration of applications towards the new CAS server

The new authentication portal

The main benefits for the city of Villeurbanne

The city of Villeurbanne now has at its disposal a central identification (internal and external) directory and a WebSSO tool and access control. The possibility of using LemonLDAP::NG as a CAS server, but also as a supplier of headers, SAML, or OpenID Connect, allows to connect a large scope of applications.

Key data

• Number of users impacted : approximately 1000 users
• Number of project management days : 10 days
• Number of concerned applications : between 5 and 10
• Technologies used : OpenLDAP, LSC and LemonLDAP::NG , EZPublish, Alfresco, iTop, Piwik, Orchestra, développements internes en PHP