Comments (16)
There is a PR to add automatic provisioning of teams based on openid claims to Vikunja. Maybe that would help your use case?
from vikunja.
Hi!
I plan to release a plugin for this, once we have a plugin api.
from vikunja.
Adding on the LDAP authentication, it would be awesome to have proxy authentication with it (as in once authorized by first service, such as Authelia, the authorization is passed via proxy headers)
from vikunja.
it would be awesome to have proxy authentication with it
@Typhonragewind Like this PR started adding?
from vikunja.
it would be awesome to have proxy authentication with it
@Typhonragewind Like this PR started adding?
Oh, I wasn't aware of it, that's awesome!
from vikunja.
Just wanted to (respectfully) ask if there's been any progress on LDAP support.
from vikunja.
No progress yet.
from vikunja.
Also would appreciate LDAP support.
from vikunja.
Hi, any feedback on this request? Would make this 100x more useful for any organization >1 person.
from vikunja.
Does openid work for you?
from vikunja.
Hi @kolaente,
Thanks for the reply. Unfortunately, OpenID does not work. If one is self-hosting the application with the goal of not having any third-party or external dependencies, LDAP (OpenLDAP or ActiveDirectory) is really important.
I work with organizations that need to self-host applications due to safety / security and they've mostly implemented OpenLDAP, some MSFT ActiveDirectory.
from vikunja.
If one is self-hosting the application with the goal of not having any third-party or external dependencies, LDAP (OpenLDAP or ActiveDirectory) is really important.
This doesn't make any sense, since LDAP and AD are literally external dependencies.
So would be a server component that speaks OpenID Connect.
And modern self hostable projects like KanIDM or Authentik even support both — for valid reasons like having single session authentication handling.
I work with organizations that need to self-host applications due to safety / security and they've mostly implemented OpenLDAP
All the major players were moving away from OpenLDAP to other solutions in the last years. Most Linux distributors are using 389ds based solutions.
I'm not sure that safety is a concern of theirs if they continue using something that most people are moving away from and if they don't want to set up an OIDC app like Authelia.
from vikunja.
OpenLDAP and ActiveDirectory can be completely self-hosted, even if you consider them "external". I'm not sure why you believe 'most' Linux distributions are using 389DS also? I think 'FreeIPA' (from RHEL, which uses 389DS, dogtag, etc) is likely more popular but since FreeIPA has to own DNS, administering it can become complicated. Even if 389DS is 'more popular' (that's debatable) it's still an LDAP provider, which means LDAP authentication would work with OpenLDAP/FreeIPA(389DS)/AD.
I work with a mix of small to huge companies and while many use providers like Okta for SaaS or VPN, LDAP/AD is still there since UNIX group permissions, UIDs, NFS, Samba, etc all benefit from central administration.
from vikunja.
OpenLDAP and ActiveDirectory can be completely self-hosted, even if you consider them "external".
Well, OpenID services can be completely self-hosted too. So if you're not considering self-hosted services external, then I don't understand what you meant by this:
Unfortunately, OpenID does not work. If one is self-hosting the application with the goal of not having any third-party or external dependencies, LDAP (OpenLDAP or ActiveDirectory) is really important.
OpenID servers and LDAP servers can both be self-hosted.
So either you consider both to be external dependencies or not.
If self-hosting another server is an option then you can already use an OpenID Connect server right now. If your customers use LDAP infrastructure, just spin up an Authelia instance and let it point to your LDAP server.
I work with a mix of small to huge companies and while many use providers like Okta for SaaS or VPN, LDAP/AD is still there since UNIX group permissions, UIDs, NFS, Samba, etc all benefit from central administration.
Well, OIDC servers also give the benefit of central administration. The projects KanIDM and Authentik, that I mentioned before, even have less friction in doing so, since they're single simple projects.
Therefore I'm really not sure why you can't simply spin up a simple OpenID Connect server if self-hosting is an option anyway.
from vikunja.
Hello
I think OpenLDAP/AD support would be great. From my point of view it would be for populating Vikunja.
Let me explain: I created a Dockerized Vikunja service. So far so good, everything worked with OpenID and Authelia, and then I created some projects we had in our teams with tasks. After that I invited everyone to connect; 30% of them tried, but when they connected they didn't see their project and abandoned.
If I could populate Vikunja with AD users at least (maybe groups too) I could have assigned the users to projects beforehand.
For example, Nextcloud works like that.
By the way, Vikunja is really great and beautiful, a bit tricky in Docker and Traefik but great :)
from vikunja.
I think it will!
from vikunja.