From: Juliusz Chroboczek <jch@irif.fr>
To: "Michael Ströder" <michael@stroeder.com>
Cc: galene@lists.galene.org
Subject: [Galene] Re: Experimental LDAP integration for Galene
Date: Wed, 03 Aug 2022 12:29:31 +0200
Message-ID: <875yj9boxg.wl-jch@irif.fr>
In-Reply-To: <f93f8541-1859-bf91-497b-68da4225903a@stroeder.com>

> In general when implementing an LDAP auth client it's very helpful to make
> the LDAP filter for searching the user entry configurable with kind of
> template string.

I agree. (Side note, I wish the LDAP community had come up with a standard
schema for YP-like functionality, but that ship has sailed.)

> Especially the hard-coded filter
>
>     (&(objectClass=posixAccount)(uid=%s))
>
> won't work in most LDAP deployments which do not use this object class for
> accounts, with MS AD being the most prominent example.
>
> Especially you could define for simple access control:
>
>     (&(uid=%s)(memberOf=cn=test-auth,dc=example,dc=org))

I agree, both the base and the filter should be configurable per group.
In addition, we need some convention to encode Galene permissions
(present, record, op etc.) within LDAP.

That's why I'm publishing this prototype, so that interested parties can
work out the useful conventions. Please deploy galene-ldap in a couple of
test groups, and let the list know what features would be useful in your
environment -- hopefully we can come up with something sufficiently
general for everyone while not being sendmail.cf.

> BTW: While historically I have quite strong LDAP background I'm still
> convinced that an OpenID Connect (OIDC) integration would be more helpful
> for the future.

I am in touch with at least two groups of users interested in LDAP
integration (yunohost.org and crans.org). If you know any users of Galene
that are interested in deploying OpenID, please get me in touch with them.

-- Juliusz
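
Added example, not part of the message above and not galene-ldap's own code: a per-group base and filter template of the kind discussed in the thread, with the username escaped per RFC 4515 before it replaces %s, so that a login name containing filter metacharacters cannot change the structure of the search. The GroupLDAP type, its field names and BuildFilter are hypothetical; the sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// GroupLDAP is a hypothetical per-group setting: search base plus filter template.
type GroupLDAP struct {
	Base   string
	Filter string // must contain exactly one %s, replaced by the escaped username
}

// escapeFilterValue escapes a value for use inside an LDAP search filter
// (RFC 4515): NUL, '(', ')', '*' and '\' become a backslash and two hex digits.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case 0, '(', ')', '*', '\\':
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildFilter substitutes the escaped username into the group's template.
func BuildFilter(g GroupLDAP, username string) (string, error) {
	if username == "" {
		return "", errors.New("empty username")
	}
	if strings.Count(g.Filter, "%s") != 1 {
		return "", errors.New("filter template must contain exactly one %s")
	}
	return strings.Replace(g.Filter, "%s", escapeFilterValue(username), 1), nil
}

func main() {
	g := GroupLDAP{
		Base:   "dc=example,dc=org", // constructed sample value
		Filter: "(&(uid=%s)(memberOf=cn=test-auth,dc=example,dc=org))",
	}
	for _, u := range []string{"alice", "*)(uid=*"} { // second name is a constructed hostile input
		fmt.Println(BuildFilter(g, u))
	}
}
```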