Web lists-archives.com

Re: Single Sign On for Debian




2017-08-25 6:59 GMT+02:00 Luca Filipozzi <lfilipoz@xxxxxxxxxx>:
> On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote:
>> Le 23/08/2017 à 08:46, Alexander Wirt a écrit :
>> > On Wed, 23 Aug 2017, Philip Hands wrote:
>> >
>> >> Michael Lustfield <michael@xxxxxxxxxxxxx> writes:
>> >>
>> >> ...
>> >>> Using Gitlab (or any VCS) as the user db for guest accounts means adding a
>> >>> dependency that could block future upgrades... kinda like now. This is not a
>> >>> future-proof design and will come at a future cost.
>> >>
>> >> I suspect that Alexander's intent was just to avoid blocking the gitlab
>> >> setup on having some SSO solution in place.
>> >>
>> >> If lemonldap-ng can make use of gitlab's guest data initially, then that
>> >> lets the two things be setup independently.
>> >>
>> >> Once lemonldap-ng is shown to do the job, I doubt it will be a big task
>> >> to transfer authority for the guest data into lemonldap-ng's control,
>> >> and then have gitlab use lemonldap-ng as it's source of that data.
>> > I dont' think Lemonldap-ng does usermanagement on its own.
>> > It is a replacement for sso.d.o which allows to have more backends and
>> > provides more frontends (like saml, oauth2 and so on)
>> >
>> > Alex
>>
>> You're right, LLNG doesn't provide usermanagement. Many user's use
>> https://lsc-project.org to populate a LDAP directory from any source.
>> Clément Oudot (leader of LLNG community) is also leader of LSC-Project.
>> You can ping him if you have any question on this
>
> LDAP sync isn't what is meant by 'user management'. Rather, it's a
> combination of self-empowerment (create account, manage profile, reset
> password) and delegation administration (role creation and assignment,
> etc.). Keycloak offers some of this functionality. Whatsay I stand up a
> demo and we can kick some tires?

Keycloack might be a good solution. I suggest you also test
FusionDirectory which I often use with LemonLDAP::NG to provide a full
identity management solution : https://www.fusiondirectory.org/

I made a presentation about some free softwares products that can be
used together for identity management :
https://www.slideshare.net/coudot/rmll2017-des-logiciels-libres-pour-la-gestion-des-identits.
Sadly it's in french but you have all product names, screenshots and
links to websites.

For information there will be a lot of presentation on this topic at
the next LDAPCon (https://ldapcon.org/2017/). Maybe some people from
Debian community can join us at this event.

Clément Oudot.