Use Keycloak or Authentik (with LDAP plugins) #205
The current LDAP server solution seems to keep having reoccurring issues with managing permissions, and nobody here really knowing how its permissions work.
Switching to Authentik or Keycloak could help solve these issues!
Would this be a viable option?
I've considered this before (in fact we used Keycloak around 2 years ago for a while), but it would require quite a bit of work to switch to a different auth server and reconfigure everything to use the new service. The current LDAP setup can be annoying, but it does work and I think this is a "don't fix it if it's not broken" situation. I'd say I'm fairly knowledgeable about OpenLDAP and permissions and stuff, and I also wrote some scripts (adduser, moduser, deluser) to simplify managing the LDAP server so it's really not that bad. Of course, if I had to redo everything, I'd probably not use OpenLDAP, but I think it's too late to switch now.
Ah, that makes sense