On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote: > Le 23/08/2017 à 08:46, Alexander Wirt a écrit : > > On Wed, 23 Aug 2017, Philip Hands wrote: > > > >> Michael Lustfield <mich...@lustfield.net> writes: > >> > >> ... > >>> Using Gitlab (or any VCS) as the user db for guest accounts means adding a > >>> dependency that could block future upgrades... kinda like now. This is > >>> not a > >>> future-proof design and will come at a future cost. > >> > >> I suspect that Alexander's intent was just to avoid blocking the gitlab > >> setup on having some SSO solution in place. > >> > >> If lemonldap-ng can make use of gitlab's guest data initially, then that > >> lets the two things be setup independently. > >> > >> Once lemonldap-ng is shown to do the job, I doubt it will be a big task > >> to transfer authority for the guest data into lemonldap-ng's control, > >> and then have gitlab use lemonldap-ng as it's source of that data. > > I dont' think Lemonldap-ng does usermanagement on its own. > > It is a replacement for sso.d.o which allows to have more backends and > > provides more frontends (like saml, oauth2 and so on) > > > > Alex > > You're right, LLNG doesn't provide usermanagement. Many user's use > https://lsc-project.org to populate a LDAP directory from any source. > Clément Oudot (leader of LLNG community) is also leader of LSC-Project. > You can ping him if you have any question on this
LDAP sync isn't what is meant by 'user management'. Rather, it's a combination of self-empowerment (create account, manage profile, reset password) and delegation administration (role creation and assignment, etc.). Keycloak offers some of this functionality. Whatsay I stand up a demo and we can kick some tires? -- Luca Filipozzi
