Re: Sandstorm authentication
Hi
On 3/12/19 at 7:07, Asheesh Laroia wrote:
> Hey all!
>
> Glad the issue is sorted for now. I think LDAP is a good idea. It should be easy
> (?) to configure this. Laura, do you need more permissions to test that out?
>
I have configured and enabled LDAP authentication, but I do not have my LDAP
password at hand to test, so I've disabled it and will test again later. In any
case, from what I read in https://db.debian.org/doc-direct.html, I think that the
barrier is that the Debian LDAP is only accessible from debian.org machines.
Kind regards,
> Best,
>
> Asheesh.
>
> On Fri, Jul 26, 2019 at 5:42 PM Andy Simpkins <rattusrattus@debian.org> wrote:
>
> On 26/07/19 17:19, Laura Arjona Reina wrote:
> > Sandstorm allows you to define an organization. You can automatically
> > apply some settings to all members of your organization. Users within
> > the organization will automatically be able to log in, install apps, and
> > create grains.
> >
> > Organization membership
> >
> > [ ] Users authenticated via email address
> > Domain: ____________
> > Users with an email address at this domain will be members of this
> > server's organization.
> >
> > [ ] Users authenticated via Google Apps for Work
> > Domain: __________
> > Users with a Google Apps for Work account under this domain will be
> > members of this server's organization.
> >
> > [ ] Users authenticated via LDAP
> > Note: disabled because LDAP login is not configured.
> >
> > [ ] Users authenticated via SAML
> > Note: disabled because SAML login is not configured.
> >
> > From the above, I've just ticked the "[X] Users authenticated via email
> > address" and added "debian.org" as domain.
> >
> > Can you try if it makes a difference in your experience of logging in?
> >
>
> That may well have solved my annoyance at time restricted access tokens
> (I have closed and reopened browser and site didn't ask me to log in again).
> Obviously I should close session and wait until tomorrow to confirm that
> it still 'works' (and then close this 'ticket')
>
>
>
>
> > and
> >
> > Would that be enough or would you need people with no @debian.org
> > address to access too?
>
>
> I suspect that this is enough for now
>
> >
> > About LDAP, I guess Asheesh knows better about that than me (both in the
> > Sandstorm and in the Debian side) so I didn't dare yet to go and try to
> > configure the service in Sandstorm (and if it needs some setting in the
> > machine, I have no permissions there, I just tweak the web interface),
> > but for the case Asheesh cannot find the time to look at this, I will
> > try to read the documentation and figure out what I can do (but not
> > before debconf19 ends, probably...).
>
> LDAP may well still be the better option (as opposed to a cookie from a
> valid d.o email address). What are your and Asheesh's view on the subject?
>
> >
> > Cheers
> >
>
> Many thanks for your help and fast response
>
> /Andy
>
--
Laura Arjona Reina
https://wiki.debian.org/LauraArjona