[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sandstorm authentication

Hi

El 3/12/19 a las 7:07, Asheesh Laroia escribió:
> Hey all!
> 
> Glad the issue is sorted for now. I think LDAP is a good idea. It should be easy
> (?) to configure this. Laura, do you need more permissions to test that out?
> 

I have configured and enabled LDAP authentication, but I have not my LDAP
password at hand to test, so I've disabled it and will test again later. In any
case, for what I read in https://db.debian.org/doc-direct.html, I think that the
barrier is that the Debian LDAP is only accessible from debian.org machines.

Kind regards,

> Best,
> 
> Asheesh.
> 
> On Fri, Jul 26, 2019 at 5:42 PM Andy Simpkins <rattusrattus@debian.org
> <mailto:rattusrattus@debian.org>> wrote:
> 
>     On 26/07/19 17:19, Laura Arjona Reina wrote:
>     > Sandstorm allows you to define an organization. You can automatically
>     > apply some settings to all members of your organization. Users within
>     > the organization will automatically be able to log in, install apps, and
>     > create grains.
>     >
>     > Organization membership
>     >
>     > [ ] Users authenticated via email address
>     > Domain: ____________
>     > Users with an email address at this domain will be members of this
>     > server's organization.
>     >
>     > [ ] Users authenticated via Google Apps for Work
>     > Domain: __________
>     > Users with a Google Apps for Work account under this domain will be
>     > members of this server's organization.
>     >
>     > [ ] Users authenticated via LDAP
>     > Note: disabled because LDAP login is not configured.
>     >
>     > [ ] Users authenticated via SAML
>     > Note: disabled because SAML login is not configured.
>     >
>     > From the above, I've just ticked the "[X] Users authenticated via email
>     > address" and added "debian.org <http://debian.org>" as domain.
>     >
>     > Can you try if it makes a difference in your experience of login in?
>     >
> 
>     That may well have solved my annoyance at time restricted access tokens
>     (I have closed and reopened browser and site didn't ask me to log in again).
>     Obviously I should close session and wait until tomorrow to confirm that
>     it still 'works' (and then close this 'ticket')
> 
> 
> 
> 
>     > and
>     >
>     > Would that be enough or would you need people with no @debian.org
>     <http://debian.org>
>     > address to access too?
> 
> 
>     I suspect that this is enough for now
> 
>     >
>     > About LDAP, I guess Asheesh knows better about that than me (both in the
>     > Sandstorm and in the Debian side) so I didn't dare yet to go and try to
>     > configure the service in Sandstorm (and if it needs some setting in the
>     > machine, I have no permissions there, I just tweak the web interace),
>     > but for the case Asheesh cannot find the time to look at this, I will
>     > try to read the documentation and figure out what can I do (but not
>     > before debconf19 ends, probably...).
> 
>     LDAP may well still be the better option (as opposed to a cookie from a
>     valid d.o email address).  What are your and Asheesh's view on the subject?
> 
>     >
>     > Cheers
>     >
> 
>     Many thanks for your help and fast response
> 
>     /Andy
> 

-- 
Laura Arjona Reina
https://wiki.debian.org/LauraArjona
Reply to: