I second that: Using LDAP as a single source of truth. It's also
possible to store SSH keys etc. in LDAP.
Then someone has to go ahead and develop a complete usermangement for
sso.d.o. As it is we can't work with software that is maybe coming at
some
point. Therefore we will start with gitlabs own user management,
combined
with debians ldap.
But if you do take in point the following things:
- user self management (lost password, deletion)
- key self management
- api for user manipulation
- oauth2 frontend (sso as oauth2 provider)
- maybe saml frontend (sso as saml provider)
Alex