[om-infra] sso - custom username support is working now

Robert Xu robxu9 at gmail.com
Tue Jan 19 01:54:13 EST 2016


Okay, so it's a good thing I caught this - LDAP is storing passwords
in clear text. That is unacceptable.

Can someone figure out a way to make LDAP store them hashed? We cannot
proceed with passwords in clear text.

On 18 January 2016 at 20:03, Robert Xu <robxu9 at gmail.com> wrote:
> Uhh, I can - but it's ugly. I'll put the patches up somewhere I guess.
>
> On 18 Jan 2016 19:00, "Raphaël Jadot" <rj at hodo.fr> wrote:
>>
>> Maybe silly question but is your hack shareable upstream?
>>
>> --
>> Sent from Yandex.Mail for mobile
>>
>> 19.01.2016, 00:39, "Robert Xu" <robxu9 at gmail.com>:
>>
>>
>> :)
>>
>> Okay - so for Discourse, the best option would be to use SAML
>> (https://github.com/kirushik/discourse_saml_auth_proxy). This will
>> ensure that attributes stay in sync between LemonLDAP and Discourse.
>>
>> I can get OpenProject set up with CAS, so you can authenticate there.
>>
>> I'll need to get Kahinah running with CAS, and we'll see if we can get
>> our own abf.openmandriva.org to use CAS or SAML (ask fedya?).
>>
>> Robert
>>
>> On 18 January 2016 at 10:20, Raphaël Jadot <rj at hodo.fr> wrote:
>>
>>  That's AWESOME :)
>>
>>  --
>>  Sent from Yandex.Mail for mobile
>>
>>  17.01.2016, 06:13, "Robert Xu" <robxu9 at gmail.com>:
>>
>>
>>  hi all,
>>
>>  I've added custom username support to lemonldap::ng. I think I covered
>>  all areas - but please let me know if I missed some edge case.
>>
>>  lemonldap::ng still needs the ability to modify email addresses, but I
>>  think we can leave that off to another time.
>>
>>  this means we are ready to start connecting systems to lemonldap::ng.
>>  what should we do first?
>>
>>  cheers,
>>  Robert
>>
>>
>>  --
>>  cheers, Robert :: github.com/robxu9
>>
>>
>>
>>
>>
>>
>> --
>> cheers, Robert :: github.com/robxu9



-- 
cheers, Robert :: github.com/robxu9



More information about the OM-Infra mailing list