What is the least obtrusive means of migrating a large number of users to Kallithea when using LDAP and/or Crowd external authentication?

Todd Morgan toddlmorgan at gmail.com
Sun May 3 09:41:12 EDT 2015 

Hi everyone,
    I'm trying to setup a new Kallithea (0.2.1) installation on Win2k12,
which is working OK using a vanilla installation as detailed previously.

My problem is that now I need to bring on approximately 200+ users to this
system but I need to do it in the least obtrusive fashion, as this server
will be replacing an existing system.

I have all of my users stored within CROWD and also available within LDAP.
Having each of my users manually register is not a suitable option as this
is supposed to be a seamless transition. Can anyone please advise how this
may be achieved other than manually entering all the accounts :- )


   - How can I automate the process of onboarding my users?
      - ie they simply login to the application (if they need to) and it
      works? and/or merely continue using the old repository URL (now moved to
      Kallithea) using the existing credentials and their clones just
get updated
      as required.
   - I saw two promising settings in the admin/permissions with items for:
      - registration ' allow with automatic account activation"
         - external auth account activation 'automatic activation of
         external account'
      - The second seems most useful. ie I add my external authentication
      mechanism - crowd for example - and anyone contained within
crowd should be
      able to just login to continue working.

In my attempts I found that even though I enabled the CROWD plugin
(restarted afterwards), I was still forced to create a local account within
Kallithea and then I was still forced to input a local password (what is
the point of external authentication then??). Then when I attempted to
login it was using the local auth and not the crowd authentication. ie the
local auth was taking precedence. It could be a PEBKAC but from the doco
that I could find it looks like the accounts are lazy loaded so the entire
LDAP tree doesn't get input into Kallithea. I am reasonably certain that
the CROWD integration was working as the account was given admin rights as
it's group membership was listed explicitly on the "admin groups" within
the crowd plugin and I didn't check it within the normal admin ui for users.

If there is means of achieving this through configuration perhaps there's a
script that can be used?

Thanks for listening

    Todd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20150503/e446bc56/attachment.html>

More information about the kallithea-general mailing list