codemation/easyauth

Feature LDAP authentication

erevodifosin opened this issue · 3 comments

Have you ever considered integrating with LDAP?

I am thinking of using this in an internal project but I would like to have LDAP authentication.
It could be the same method as storing the users in DB but authenticating against an LDAP server.

Also there could be a mapping between DB groups and LDAP groups in order to give permissions directly by assigning users to LDAP groups.

@erevodifosin that is a very nice idea, I have not yet given any thought or time into researching existing LDAP libraries which might make such an integration possible with easyauth. If you have ideas or libraries that you think might make sense, we can discuss them here, and I can consider the time needed to implement, or PRs are also very welcome.

@codemation There are two main LDAP libraries: python-ldap and ldap3.
I have much experience in LDAP (attributes/filters/etc.) but not that much in Python coding. I can share with you some first thoughts:

  • In server_env.json we will need a variable like AUTH_TYPE. DB_TYPE will remain, as this is where easyauth's data will be stored.

In case of AUTH_TYPE: LDAP

  1. we will need additional variables that will contain settings needed for connecting with an LDAP server.
  2. I think the "Forgot password?" in the login screen should be disabled. LDAP password is something users use really often (unlock their computer, log in to self-hosted services, etc.). From personal experience I wouldn't like users to be able to change their password from anywhere else apart from their workstation. We can add a variable to toggle this on/off.
  3. Passwords should not be stored in the database in any format. Since passwords are managed by LDAP server, it could be a good practice not to store passwords on DB.
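
A sketch of the `AUTH_TYPE: LDAP` login path proposed in the comment above, added here as an example; it is not part of the thread or of easyauth's code. Every setting name except `AUTH_TYPE`, the group names, and the `search`/`bind` callables are assumptions; in a real deployment those callables would wrap python-ldap or ldap3, and `FakeDirectory` is a constructed stand-in so the example runs offline.

```python
def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

SETTINGS = {  # constructed sample, shaped like extra server_env.json entries
    "AUTH_TYPE": "LDAP",
    "LDAP_USER_FILTER": "(&(objectClass=person)(uid={username}))",  # hypothetical key
    "LDAP_GROUP_MAP": {"cn=admins,ou=groups,dc=example,dc=org": "administrators"},
}

def ldap_login(username, password, settings, search, bind):
    """Search-then-bind. search(filter) returns [(dn, [group_dn, ...])] and
    bind(dn, password) returns True on success (both hypothetical callables).
    Returns the mapped easyauth group names, or None if authentication fails."""
    if settings.get("AUTH_TYPE") != "LDAP":
        raise ValueError("LDAP login called while AUTH_TYPE is not LDAP")
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513), which some servers accept; refuse it before contacting LDAP.
    if not username or not password:
        return None
    flt = settings["LDAP_USER_FILTER"].format(username=escape_filter_value(username))
    entries = search(flt)
    if len(entries) != 1:  # no match or ambiguous match: fail closed
        return None
    dn, ldap_groups = entries[0]
    if not bind(dn, password):
        return None
    # The password was used only for the bind; nothing is written to the DB.
    mapping = {k.lower(): v for k, v in settings["LDAP_GROUP_MAP"].items()}
    return sorted({mapping[g.lower()] for g in ldap_groups if g.lower() in mapping})

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server."""
    def __init__(self):
        self.users = {"uid=alice,ou=people,dc=example,dc=org":
                      ("alice", "s3cret", ["CN=Admins,ou=groups,dc=example,dc=org"])}
        self.filters = []  # records every filter received, for inspection

    def search(self, flt):
        self.filters.append(flt)
        return [(dn, groups) for dn, (uid, _, groups) in self.users.items()
                if "(uid=%s)" % uid in flt]

    def bind(self, dn, password):
        # Mimics a server that accepts unauthenticated (empty-password) binds.
        return password == "" or self.users[dn][1] == password
```

Group DNs are compared case-insensitively, so `CN=Admins,...` from the directory still maps to the `cn=admins,...` entry in the settings.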

Any news on this? I am using LDAP and Python + the ldap3 library to create my users in my local OpenLDAP server. (I didn't start installing/using Easyauth.)
I am also using Azure AD (Office365). I see that Google is supported. Any project to support Azure AD?