Re: Single Sign On for Debian
- Date: Fri, 25 Aug 2017 04:59:51 +0000
- From: Luca Filipozzi <lfilipoz@xxxxxxxxxx>
- Subject: Re: Single Sign On for Debian
On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote:
> Le 23/08/2017 à 08:46, Alexander Wirt a écrit :
> > On Wed, 23 Aug 2017, Philip Hands wrote:
> >> Michael Lustfield <michael@xxxxxxxxxxxxx> writes:
> >> ...
> >>> Using Gitlab (or any VCS) as the user db for guest accounts means adding a
> >>> dependency that could block future upgrades... kinda like now. This is not a
> >>> future-proof design and will come at a future cost.
> >> I suspect that Alexander's intent was just to avoid blocking the gitlab
> >> setup on having some SSO solution in place.
> >> If lemonldap-ng can make use of gitlab's guest data initially, then that
> >> lets the two things be setup independently.
> >> Once lemonldap-ng is shown to do the job, I doubt it will be a big task
> >> to transfer authority for the guest data into lemonldap-ng's control,
> >> and then have gitlab use lemonldap-ng as it's source of that data.
> > I dont' think Lemonldap-ng does usermanagement on its own.
> > It is a replacement for sso.d.o which allows to have more backends and
> > provides more frontends (like saml, oauth2 and so on)
> > Alex
> You're right, LLNG doesn't provide usermanagement. Many user's use
> https://lsc-project.org to populate a LDAP directory from any source.
> Clément Oudot (leader of LLNG community) is also leader of LSC-Project.
> You can ping him if you have any question on this
LDAP sync isn't what is meant by 'user management'. Rather, it's a
combination of self-empowerment (create account, manage profile, reset
password) and delegation administration (role creation and assignment,
etc.). Keycloak offers some of this functionality. Whatsay I stand up a
demo and we can kick some tires?