[Pulp-list] external authentication/authorization
Kodiak Firesmith
kfiresmith at gmail.com
Thu Sep 1 21:46:19 UTC 2016
I'm pretty sure the answer in Pulp's current form is: no.
But your request might be a great suggestion to make in an earlier (June?
July?) thread requesting feedback on Pulp 3.x auth - it'll be completely
different so it's a blank slate to work with. Please check out the
archives and reply to that thread with your auth needs and wants.
As an Active Directory user (mod_auth_gssapi), I agree that being able to
tie in AD names and groups in authorization would be a great improvement.
- Kodiak
On Thu, Sep 1, 2016 at 3:47 PM, Vladimir Vasilev <vvasilev at redhat.com>
wrote:
> Hi all,
>
> I'm trying to setup Pulp with external authentication and authorization
> against LDAP server.
> According to the docs direct LDAP access from pulp is deprecated so I
> followed "Apache Preauthentication" [1]
> Authentication works fine, pulp is trusting apache httpd with
> REMOTE_USER variable set.
> Problem is that the same LDAP user needs to exist in the internal pulp
> database as well.
>
> Is there a way to move both authentication and authorization to external
> provider like LDAP?
> At the end of the day I want to grant admin access to all LDAP accounts
> which are member of particular group (memberOf attribute) without making
> local pulp accounts.
>
> Thanks,
> Vova
>
> [1] https://docs.pulpproject.org/user-guide/authentication.html
>
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20160901/b6836212/attachment.htm>
More information about the Pulp-list
mailing list