[Enhancement] LDAP authentication #324
Comments
I have found a successor of the project Adldap2 called ldaprecord. There is a lot of documentation available on the site. I can install the module but when I have to change the authentication I'm kind of lost.
Hummm.... I assume the following setting. You have:
• an LDAP server
• a Lychee install.
The question is more how do you determine the local ID for the user.
Hi,
I do have an LDAP server, that is the main reason to request LDAP support. And I am running Lychee. But I’m not a PHP programmer. So I’m having a hard time implementing this myself. I will take a look at the code you mentioned.
…--
Sincerely,
Jurriaan
On 30 Mar 2021, at 12:25, Benoît Viguier ***@***.***> wrote:
Hummm....
I assume the following setting. You have:
• an LDAP server
• a Lychee install.
The question is more how do you determine the local ID for the user.
For the connection, you could basically add a line to check against a user in the LDAP server here:
https://github.com/LycheeOrg/Lychee/blob/376f8c7c9c463816252319dcbdab2975d221ed8a/app/ModelFunctions/SessionFunctions.php#L141
The YunoHost Lychee integration would become most excellent if it included LDAP integration. That Lychee-YunoHost integration is currently declared "YunoHost level 8" meaning "quite good" but its lack of integration with YunoHost's user account system is quite a drawback. In fact, any self-hosting these days is hampered by having its own user account management. Single Sign-On (SSO) is the way to go, if we want to get ordinary people using our lovely self-hosted FOSS things. And LDAP support is a step towards SSO.
Now the good news: apparently Lychee LDAP integration already exists: see the Lychee-LDAP fork by 'hfr'. Some caveats: I haven't tested or studied it; I see a gripe/grudge written in its README which is a bit in bad taste; it looks substantially documented but also a bit complex, and I don't know if that's just how complex it has to be (as LDAP's a bit fiddly itself anyway). Surely it's worth a good look?
The fork from hfr has not been updated since its creation. We are still open to a pull request for LDAP. :)
Thanks for the feedback and the link to the PR. I have skimmed and digested that now. What a pity. I opened a place-holder issue in YunoHost: lychee_ynh: I can only hope some new developer will come along and pick up the pieces and put it all together.
If someone wants to give it a try, there is a package that would make the integration with Lychee easier.
What a coincidence: I opted for the same module three years ago...
I have created a pull request (#2386) adding Keycloak as an option for OAuth. Since opening this ticket I have added a Keycloak environment (together with PrivacyIdea for centralized 2FA) to my setup. And Keycloak supports LDAP so my issue would be solved.
And pull request merged! :)
I have found Lychee just recently and migrated quickly to the new Laravel version which works just fine for me. Haven't found any issues. I am really happy that I can use my PostgreSQL database instead of having to run a MySQL/MariaDB next to my PostgreSQL database. And I really like the feature of having multiple users.
However my users are in an LDAP database. I would really like to have LDAP authentication added to Lychee-Laravel to simplify user management and having just one password for users. I have found a project to add LDAP to a Laravel application called adldap2. See https://github.com/Adldap2/Adldap2-Laravel. I don't know if that can be used in Lychee-Laravel. I hope LDAP authentication makes it into the application.
Cheers.
Jurriaan