Hi Nik, On Do 01 Jan 1970 01:00:00 CET, Dominik George wrote:
Hi,FTR, I have also been in the loop for most of this, technically. I am not yet so well making friends with dropping LDAP as a directory backend. At least we must be able to control LDAP servers via AlekSIS's IDM part.AlekSIS can already do that now.
Cool!
wonder, if we could not leave an LDAP attached to the setup with LDAP not being the primary data backend for user/host/what-not data, but only a secondary data service that gets populated by AlekSIS's IDM part. AlekSIS then has the primary IDM data and knows all information on all its identities whereas the attached LDAP only receives a subset of information on users/data/...I would not do that by default, but we could introduce a "Legacy" profile or something that does it on top.
I would not call it Legacy, I would call it a feature. Not by default is ok.
Use cases, for example: a classical mailserver (e.g. Cyrus-IMAP, saslauthd, Postfix, etc.).Dovecot can handle OAuth just fine, and for services that can't, there's always PAM.
I have seen LDAP servers choke on incoming mail traffic. I don't want to see a Django based web service handle that.
I need to look at the technical details, before I can get rid of my LDAP-attachment...
Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgptRWJHhppTc.pgp
Description: Digitale PGP-Signatur