On Fri, 25 Aug 2017, Luca Filipozzi wrote: > On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote: > > Le 23/08/2017 à 08:46, Alexander Wirt a écrit : > > > On Wed, 23 Aug 2017, Philip Hands wrote: > > > > > >> Michael Lustfield <mich...@lustfield.net> writes: > > >> > > >> ... > > >>> Using Gitlab (or any VCS) as the user db for guest accounts means > > >>> adding a > > >>> dependency that could block future upgrades... kinda like now. This is > > >>> not a > > >>> future-proof design and will come at a future cost. > > >> > > >> I suspect that Alexander's intent was just to avoid blocking the gitlab > > >> setup on having some SSO solution in place. > > >> > > >> If lemonldap-ng can make use of gitlab's guest data initially, then that > > >> lets the two things be setup independently. > > >> > > >> Once lemonldap-ng is shown to do the job, I doubt it will be a big task > > >> to transfer authority for the guest data into lemonldap-ng's control, > > >> and then have gitlab use lemonldap-ng as it's source of that data. > > > I dont' think Lemonldap-ng does usermanagement on its own. > > > It is a replacement for sso.d.o which allows to have more backends and > > > provides more frontends (like saml, oauth2 and so on) > > > > > > Alex > > > > You're right, LLNG doesn't provide usermanagement. Many user's use > > https://lsc-project.org to populate a LDAP directory from any source. > > Clément Oudot (leader of LLNG community) is also leader of LSC-Project. > > You can ping him if you have any question on this > > LDAP sync isn't what is meant by 'user management'. Rather, it's a > combination of self-empowerment (create account, manage profile, reset > password) and delegation administration (role creation and assignment, > etc.). Keycloak offers some of this functionality. Whatsay I stand up a > demo and we can kick some tires? Role and Group Management can probably be delegated to the application. But the self-empowerment is the important thing. A demo would indeed be nice.
Alex
