[Systems] sunjammer's LDAP admin password changed

Bernie Innocenti bernie at codewiz.org
Tue Apr 12 12:03:20 EDT 2016

On 04/10/2016 02:45 AM, Sebastian Silva wrote:
> El 09/04/16 a las 20:01, Bernie Innocenti escribió:
>> Samuel and I spoke earlier today and we don't see a real need to keep
>> LDAP around for a handful of users on a single shell server. It's a
>> management burden, the learning curve for new sysadmins is steep, and it
>> may actually weaken our security if it's not configured properly.
>> Therefore we're thinking of migrating all users back to passwd/shadow
>> and get rid of openldap altogether... unless someone can make a case for it.
> Sounds good to me too. Does that mean we loose id.sugarlabs.org openid
> endpoint too?

I personally no longer use OpenID, and my understanding is that it's
being deprecated pretty much everywhere.

Google recommends migrating to OpenID Connect:


In spite of the name, OpenID Connect is an entirely different protocol
built on top of OAuth 2.0:


I have not done any research for free software OpenID Connect providers.
If you find a suitable one, I'd be in favor of reviving the
single-sign-on effort for sugarlabs.org. But note that any solution
based exclusively on LDAP would miss most of our users: wiki, trac,
mailman, etc...

 _ // Bernie Innocenti
 \X/  http://codewiz.org

More information about the Systems mailing list