Thibault Martin commented:

In my understanding we need to have three "trust levels" regarding our infrastructure:

  • Anonymous - no account created
  • Community - people who have created an account, but are not part of the Foundation
  • Foundation - foundation members

We also need a list of all the services (not only applications, but the service provided) we provide, and map the trust level we have for each.

A silly example:

| Application | Anonymous | Community | Foundation |
|---|---|---|---|
| Gitlab | Nothing | Create repos | Create repos |
| Nextcloud Files | Nothing | 0GB quota | 1GB quota |
| Nextcloud Office | Nothing | Read documents shared | Create and share |
| Rocket Chat | Nothing | Chat | Create channels |
| Discourse | Read topics | Create topics | Create topics |

I think @averi could provide a list of the apps we host, and I can certainly make it a list of services we provide. That would be the very first step.

If we had unlimited time and people to work on this I’d draft the following roadmap:

  1. For each application we have, check if we can bind an existing local account to an LDAP account
  2. Set up an SSO to allow user-friendly workflows with self-service registration and password reset
  3. Communicate on our different services to ask non-LDAP users to register for a "GNOME Community Account" and link to the table as above so they understand what such an account will bring them; and announce that non-LDAP accounts will not allow them to be used anymore
  4. Close registration on all the services except through the SSO
  5. Give users a way to reconciliate their local accounts with their new LDAP account (which, to be scaled, must be automatable, which probably means some development should be carried on)
  6. Make all our hosted services exclusively use either the SSO (recommended) or the LDAP (if SSO not available)

Its feasibility depends on the time Andrea and Bart have.
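Step 5 of the roadmap above, sketched as an added example that is not part of the original comment or of GNOME's tooling: an automated reconciliation pass that links a local account to an LDAP account only when the match is unambiguous and the service has verified the email, and queues everything else for manual review. The record fields, the `verified` flag and matching on email address are assumptions; the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data; field names and the "verified" flag are assumptions.
LDAP = [{"uid": "alice", "mail": "alice@example.org"},
        {"uid": "bob", "mail": "bob@example.org"}]
LOCAL = [
    {"service": "gitlab", "login": "alice_g", "email": "Alice@Example.org", "verified": True},
    {"service": "discourse", "login": "alice", "email": "alice@example.org", "verified": True},
    {"service": "discourse", "login": "bobby", "email": "bob@example.org", "verified": False},
    {"service": "rocketchat", "login": "carol", "email": "carol@example.org", "verified": True},
    {"service": "gitlab", "login": "alice2", "email": "alice@example.org ", "verified": True},
]

def norm(email):
    """Normalise an address so case and stray whitespace do not hide a match."""
    return email.strip().lower()

def reconcile(ldap_entries, local_accounts):
    """Return (links, review): safe automatic links and cases needing a human."""
    by_mail = defaultdict(list)
    for entry in ldap_entries:
        by_mail[norm(entry["mail"])].append(entry["uid"])
    # Logins per (service, email): duplicates mean the owner is unclear.
    per_service = defaultdict(list)
    for acct in local_accounts:
        per_service[(acct["service"], norm(acct["email"]))].append(acct["login"])

    links, review = [], []
    for acct in local_accounts:
        key = (acct["service"], acct["login"])
        mail = norm(acct["email"])
        uids = by_mail.get(mail, [])
        if not uids:
            review.append((key, "no LDAP account"))
        elif len(uids) > 1:
            review.append((key, "email matches several LDAP accounts"))
        elif not acct["verified"]:
            # An unverified address proves nothing about who owns the account.
            review.append((key, "email not verified by the service"))
        elif len(per_service[(acct["service"], mail)]) > 1:
            review.append((key, "several local accounts share this email"))
        else:
            links.append((key, uids[0]))
    return links, review

if __name__ == "__main__":
    for row in reconcile(LDAP, LOCAL):
        print(row)
```
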

