
Re: Single Sign On for Debian



On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote:
> On 23/08/2017 at 08:46, Alexander Wirt wrote:
> > On Wed, 23 Aug 2017, Philip Hands wrote:
> > 
> >> Michael Lustfield <michael@lustfield.net> writes:
> >>
> >> ...
> >>> Using Gitlab (or any VCS) as the user db for guest accounts means adding a
> >>> dependency that could block future upgrades... kinda like now. This is not a
> >>> future-proof design and will come at a future cost.
> >>
> >> I suspect that Alexander's intent was just to avoid blocking the gitlab
> >> setup on having some SSO solution in place.
> >>
> >> If lemonldap-ng can make use of gitlab's guest data initially, then that
> >> lets the two things be set up independently.
> >>
> >> Once lemonldap-ng is shown to do the job, I doubt it will be a big task
> >> to transfer authority for the guest data into lemonldap-ng's control,
> >> and then have gitlab use lemonldap-ng as its source of that data.
> > I don't think Lemonldap-ng does user management on its own.
> > It is a replacement for sso.d.o which allows having more backends and
> > provides more frontends (like saml, oauth2 and so on)
> > 
> > Alex
> 
> You're right, LLNG doesn't provide user management. Many users use
> https://lsc-project.org to populate an LDAP directory from any source.
> Clément Oudot (leader of LLNG community) is also leader of LSC-Project.
> You can ping him if you have any questions on this.

LDAP sync isn't what is meant by 'user management'. Rather, it's a
combination of self-empowerment (create account, manage profile, reset
password) and delegation administration (role creation and assignment,
etc.). Keycloak offers some of this functionality. Whatsay I stand up a
demo and we can kick some tires?

-- 
Luca Filipozzi

