Le 22/08/2017 à 16:29, gregor herrmann a écrit : > On Tue, 22 Aug 2017 09:45:10 +0200, Alexander Wirt wrote: > >>> There is lemonldap-ng already packaged which provides saml, oauth, >>> openid-connect, CAS, and more (both identity provider and service >>> provider). It works with users in ldap but doesn't have a user management >>> interface. >>> >>> We use it at work and it integrates nicely with all kind of webapp >>> (including gitlab, via oauth). >> I haven't looked into it. Can lemonldap-ng have multiple backends at the same >> time? >> Specifially one LDAP (db.d.o.) Backend and one Oauth2 (gitlab) Backend? > > I haven't used lemonldap-ng but I'd like to add that it's maintained > in Debian by Xavier Guimard (within the Debian Perl Group) who's also > part of upstream. I'm sure he's happy to help by answering questions > and maybe also setup or changes etc. (CC'd).
Hi all, LLNG can have many backends simultaneously. The 2.0 version (not yet published, in tests) adds a better plugin system that can be used to create new backends. For now, LLNG is usable with: * LDAP, Active-Directory, SQL, Kerberos (better with 2.0), Radius, another LLNG system (proxy or delegate), SSL (using webserver), Yubikey (better with 2.0), WebID, * SAML-2.0, CAS, OpenID-2.0, OpenID-Connect, * Multi : backend chosed by rule (better with 2.0 => "Combination") * Choice : user can choose its backend * backends usable by 2.0 only: * PAM * REST API * Second factor (U2F or custom) It can also (and simultaneously) be used as identity provider for CAS, OpenID-Connect, OpenID-2.0, SAML It has been designed for French government but is used in many places now. Our main installation handles hundreds applications for ~250000 users (~30 millions hits/day). I've heard about a bigger one in US but have no info on it. Best regards, Xavier https://lemonldap-ng.org
signature.asc
Description: OpenPGP digital signature
