[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Single Sign On for Debian

Le 25/08/2017 à 10:39, Clément OUDOT a écrit :
> 2017-08-25 6:59 GMT+02:00 Luca Filipozzi <lfilipoz@debian.org>:
>> On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote:
>>> Le 23/08/2017 à 08:46, Alexander Wirt a écrit :
>>>> On Wed, 23 Aug 2017, Philip Hands wrote:
>>>>> Michael Lustfield <michael@lustfield.net> writes:
>>>>> ...
>>>>>> Using Gitlab (or any VCS) as the user db for guest accounts means adding a
>>>>>> dependency that could block future upgrades... kinda like now. This is not a
>>>>>> future-proof design and will come at a future cost.
>>>>> I suspect that Alexander's intent was just to avoid blocking the gitlab
>>>>> setup on having some SSO solution in place.
>>>>> If lemonldap-ng can make use of gitlab's guest data initially, then that
>>>>> lets the two things be setup independently.
>>>>> Once lemonldap-ng is shown to do the job, I doubt it will be a big task
>>>>> to transfer authority for the guest data into lemonldap-ng's control,
>>>>> and then have gitlab use lemonldap-ng as it's source of that data.
>>>> I dont' think Lemonldap-ng does usermanagement on its own.
>>>> It is a replacement for sso.d.o which allows to have more backends and
>>>> provides more frontends (like saml, oauth2 and so on)
>>>> Alex
>>> You're right, LLNG doesn't provide usermanagement. Many user's use
>>> https://lsc-project.org to populate a LDAP directory from any source.
>>> Clément Oudot (leader of LLNG community) is also leader of LSC-Project.
>>> You can ping him if you have any question on this
>> LDAP sync isn't what is meant by 'user management'. Rather, it's a
>> combination of self-empowerment (create account, manage profile, reset
>> password) and delegation administration (role creation and assignment,
>> etc.). Keycloak offers some of this functionality. Whatsay I stand up a
>> demo and we can kick some tires?
> Keycloack might be a good solution. I suggest you also test
> FusionDirectory which I often use with LemonLDAP::NG to provide a full
> identity management solution : https://www.fusiondirectory.org/
> I made a presentation about some free softwares products that can be
> used together for identity management :
> https://www.slideshare.net/coudot/rmll2017-des-logiciels-libres-pour-la-gestion-des-identits.
> Sadly it's in french but you have all product names, screenshots and
> links to websites.


are some slides in english about FusionDirectory and the possibility,
real users cases in english



Feel free to talk to me directly if you have any questions

> For information there will be a lot of presentation on this topic at
> the next LDAPCon (https://ldapcon.org/2017/). Maybe some people from
> Debian community can join us at this event.

Benoit Mortier
OpenSides "logiciels libres pour entreprises" : http://www.opensides.eu/
Promouvoir et défendre le Logiciel Libre http://www.april.org/
Main developper in FusionDirectory : http://www.fusiondirectory.org/
Official French representative for OPSI : http://opsi.org/

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: