
[Pulp-list] LDAP, OAuth and unrecognised users


I'm looking at switching the PulpDist web UI over to passing the correct user credentials through to Pulp instead of always querying the database as a common user (this is a prerequisite to eventually allowing read/write access to the Pulp services through the web UI's OAuth connection, instead of the current read-only access).

The LDAP auth docs are clear that when you attempt to log in via the command line clients, a failed local login will be passed back to the LDAP server, with the user being created automatically if the LDAP credentials match.

However, neither the LDAP nor the OAuth docs explain what happens if you attempt to access a Pulp server that has LDAP configured via OAuth as a user that does not exist locally in the Pulp database (yet), but *does* exist in LDAP.

Does Pulp handle this automatically? Or will I need to set up a service account so that the PulpDist web service can handle the necessary creation of passwordless user entries? (For my use case, I already know the PulpDist username represents a valid LDAP user, since PulpDist is using the relevant LDAP database for its own authentication.)


Nick Coghlan
Red Hat Engineering Operations, Brisbane
