On Tue, 22 Aug 2017, Mathieu Parent wrote:

> Hello,
>
> On Tuesday 22 August 2017, Luca Filipozzi <lfili...@debian.org> wrote:
> > On Mon, Aug 21, 2017 at 04:35:59PM -0700, Raoul Snyman wrote:
> >> On 2017-08-21 5:48, Alexander Wirt wrote:
> >> > > I second that: Using LDAP as a single source of truth. It's also
> >> > > possible to store SSH keys etc. in LDAP.
> >> > Then someone has to go ahead and develop a complete user management for
> >> > sso.d.o. As it is we can't work with software that is maybe coming at
> >> > some point. Therefore we will start with gitlab's own user management,
> >> > combined with Debian's ldap.
> >> >
> >> > But if you do take in point the following things:
> >> >
> >> > - user self management (lost password, deletion)
> >> > - key self management
> >> > - api for user manipulation
> >> > - oauth2 frontend (sso as oauth2 provider)
> >> > - maybe saml frontend (sso as saml provider)
> >>
> >> Has anyone looked at Keycloak? http://www.keycloak.org/
> >
> > I have and deployed it for others in production. Not an unreasonable
> > option.
>
> There is lemonldap-ng already packaged which provides saml, oauth,
> openid-connect, CAS, and more (both identity provider and service
> provider). It works with users in ldap but doesn't have a user management
> interface.
>
> We use it at work and it integrates nicely with all kinds of webapps
> (including gitlab, via oauth).

I haven't looked into it. Can lemonldap-ng have multiple backends at the same time? Specifically one LDAP (db.d.o.) backend and one OAuth2 (gitlab) backend?

If the answer is yes, I may find time to evaluate it (of course any help is appreciated).

Alex