I got the LDAP reference implementation performing auth really nicely against a test LDAP with this guide: https://www.nginx.com/blog/nginx-plus-authenticate-users/

Now there are some new challenges though:

* Great that we can auth users, but we need nginx to extract-and-forward the group information to Pulp itself. That way a middleware can create the user AND group info in the backend.
* We have to figure this out all again in Apache...

Maybe we should be integrating Pulp directly against django-auth-ldap [0]. I am going to try that next. The work I've done isn't 100% reusable there, but most of it is because the test server and configs I used can all be reused directly with django-auth-ldap.

The concern with this approach is that we would be supporting LDAP (and transitively Active Directory) but are there other directory services Pulp needs to support?

I also emailed Bin Li asking for info on how their user and group management works.

On Tue, Jun 9, 2020 at 11:48 AM Adrian Likins <alik...@redhat.com> wrote:

> On Fri, Jun 5, 2020 at 8:23 PM Brian Bouterse <bmbou...@redhat.com> wrote:
>
>> 1) django admin (the built in django UI) will be the mechanism
>> administrators use to assign permissions to users and groups. This means
>> the use of django admin with pulp is very likely (to me).
>>
>> Hopefully https://github.com/pulp/pulpcore/pull/705 will be useful here.
>
>> 2) externally defined users and groups will need to be "replicated" to
>> django's db at login time, probably using headers from the webserver. This
>> is consistent w/ the approach recommended here:
>> https://www.adelton.com/django/external-authentication-for-django-projects
>
> This is more or less what galaxy_ng ends up doing, at least for the
> scenarios where it runs hosted with external SSO.
>
> https://github.com/ansible/galaxy_ng/blob/master/galaxy_ng/app/auth/auth.py#L51
> for example.

_______________________________________________
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev