On Fri, Aug 25, 2017 at 10:39:14AM +0200, Clément OUDOT wrote: > 2017-08-25 6:59 GMT+02:00 Luca Filipozzi <lfili...@debian.org>: > > On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote: > >> Le 23/08/2017 à 08:46, Alexander Wirt a écrit : > >> > On Wed, 23 Aug 2017, Philip Hands wrote: > >> > > >> >> Michael Lustfield <mich...@lustfield.net> writes: > >> >> > >> >> ... > >> >>> Using Gitlab (or any VCS) as the user db for guest accounts means > >> >>> adding a > >> >>> dependency that could block future upgrades... kinda like now. This is > >> >>> not a > >> >>> future-proof design and will come at a future cost. > >> >> > >> >> I suspect that Alexander's intent was just to avoid blocking the gitlab > >> >> setup on having some SSO solution in place. > >> >> > >> >> If lemonldap-ng can make use of gitlab's guest data initially, then that > >> >> lets the two things be setup independently. > >> >> > >> >> Once lemonldap-ng is shown to do the job, I doubt it will be a big task > >> >> to transfer authority for the guest data into lemonldap-ng's control, > >> >> and then have gitlab use lemonldap-ng as it's source of that data. > >> > I dont' think Lemonldap-ng does usermanagement on its own. > >> > It is a replacement for sso.d.o which allows to have more backends and > >> > provides more frontends (like saml, oauth2 and so on) > >> > > >> > Alex > >> > >> You're right, LLNG doesn't provide usermanagement. Many user's use > >> https://lsc-project.org to populate a LDAP directory from any source. > >> Clément Oudot (leader of LLNG community) is also leader of LSC-Project. > >> You can ping him if you have any question on this > > > > LDAP sync isn't what is meant by 'user management'. Rather, it's a > > combination of self-empowerment (create account, manage profile, reset > > password) and delegation administration (role creation and assignment, > > etc.). Keycloak offers some of this functionality. Whatsay I stand up a > > demo and we can kick some tires? > > Keycloack might be a good solution. I suggest you also test > FusionDirectory which I often use with LemonLDAP::NG to provide a full > identity management solution : https://www.fusiondirectory.org/
I'll have a look and consider standing it up adjacent to keycloak so we can kick the tires of both. > I made a presentation about some free softwares products that can be > used together for identity management : > https://www.slideshare.net/coudot/rmll2017-des-logiciels-libres-pour-la-gestion-des-identits. > Sadly it's in french but you have all product names, screenshots and > links to websites. Merci. > For information there will be a lot of presentation on this topic at > the next LDAPCon (https://ldapcon.org/2017/). Maybe some people from > Debian community can join us at this event. I can't but maybe other DSA members can. I mention DSA in particular because I personally view the management of LDAP and Identity Provider Solutions as fairly core duties of DSA. I have to build consensus with my colleagues (so start with a public email, Luca, that's a good idea) but the demo is as much for them as for anyone else. (hi guys) -- Luca Filipozzi
