[Systems] sunjammer's LDAP admin password changed
Bernie Innocenti
bernie at codewiz.org
Tue Apr 12 12:03:20 EDT 2016
On 04/10/2016 02:45 AM, Sebastian Silva wrote:
> On 09/04/16 at 20:01, Bernie Innocenti wrote:
>> Samuel and I spoke earlier today and we don't see a real need to keep
>> LDAP around for a handful of users on a single shell server. It's a
>> management burden, the learning curve for new sysadmins is steep, and it
>> may actually weaken our security if it's not configured properly.
>> Therefore we're thinking of migrating all users back to passwd/shadow
>> and get rid of openldap altogether... unless someone can make a case for it.
> Sounds good to me too. Does that mean we lose id.sugarlabs.org openid
> endpoint too?
I personally no longer use OpenID, and my understanding is that it's
being deprecated pretty much everywhere.

Google recommends migrating to OpenID Connect:
https://developers.google.com/identity/protocols/OpenID2

In spite of the name, OpenID Connect is an entirely different protocol
built on top of OAuth 2.0:
http://openid.net/connect/

I have not done any research for free software OpenID Connect providers.
If you find a suitable one, I'd be in favor of reviving the
single-sign-on effort for sugarlabs.org. But note that any solution
based exclusively on LDAP would miss most of our users: wiki, trac,
mailman, etc...
--
_ // Bernie Innocenti
\X/ http://codewiz.org