
Re: Sandstorm authentication



Hey all!

Glad the issue is sorted for now. I think LDAP is a good idea. It should be easy (?) to configure this. Laura, do you need more permissions to test that out?

Best,

Asheesh.

On Fri, Jul 26, 2019 at 5:42 PM Andy Simpkins <rattusrattus@debian.org> wrote:
On 26/07/19 17:19, Laura Arjona Reina wrote:
> Sandstorm allows you to define an organization. You can automatically
> apply some settings to all members of your organization. Users within
> the organization will automatically be able to log in, install apps, and
> create grains.
>
> Organization membership
>
> [ ] Users authenticated via email address
> Domain: ____________
> Users with an email address at this domain will be members of this
> server's organization.
>
> [ ] Users authenticated via Google Apps for Work
> Domain: __________
> Users with a Google Apps for Work account under this domain will be
> members of this server's organization.
>
> [ ] Users authenticated via LDAP
> Note: disabled because LDAP login is not configured.
>
> [ ] Users authenticated via SAML
> Note: disabled because SAML login is not configured.
>
> From the above, I've just ticked the "[X] Users authenticated via email
> address" and added "debian.org" as domain.
>
> Can you try if it makes a difference in your experience of logging in?
>

That may well have solved my annoyance at time restricted access tokens
(I have closed and reopened browser and site didn't ask me to log in again).
Obviously I should close session and wait until tomorrow to confirm that
it still 'works' (and then close this 'ticket')




> and
>
> Would that be enough or would you need people with no @debian.org
> address to access too?


I suspect that this is enough for now

>
> About LDAP, I guess Asheesh knows better about that than me (both in the
> Sandstorm and in the Debian side) so I didn't dare yet to go and try to
> configure the service in Sandstorm (and if it needs some setting in the
> machine, I have no permissions there, I just tweak the web interface),
> but for the case Asheesh cannot find the time to look at this, I will
> try to read the documentation and figure out what can I do (but not
> before debconf19 ends, probably...).

LDAP may well still be the better option (as opposed to a cookie from a
valid d.o email address).  What are your and Asheesh's views on the subject?

>
> Cheers
>

Many thanks for your help and fast response

/Andy
