On Mon, Aug 21, 2017 at 04:35:59PM -0700, Raoul Snyman wrote: > On 2017-08-21 5:48, Alexander Wirt wrote: > > > I second that: Using LDAP as a single source of truth. It's also > > > possible to store SSH keys etc. in LDAP. > > Then someone has to go ahead and develop a complete usermangement for > > sso.d.o. As it is we can't work with software that is maybe coming at > > some > > point. Therefore we will start with gitlabs own user management, > > combined > > with debians ldap. > > > > But if you do take in point the following things: > > > > - user self management (lost password, deletion) > > - key self management > > - api for user manipulation > > - oauth2 frontend (sso as oauth2 provider) > > - maybe saml frontend (sso as saml provider) > > Has anyone looked at Keycloak? http://www.keycloak.org/
I have and deployed it for others in production. Not an unreasonable option. -- Luca Filipozzi
