What is the least obtrusive means of migrating a large number of users to Kallithea when using LDAP and/or Crowd external authentication?
mads at kiilerich.com
Sun May 3 15:41:12 EDT 2015
On 05/03/2015 03:41 PM, Todd Morgan wrote:
> Hi everyone,
> I'm trying to setup a new Kallithea (0.2.1) installation on
> Win2k12, which is working OK using a vanilla installation as detailed
> My problem is that now I need to bring on approximately 200+ users to
> this system but I need to do it in the least obtrusive fashion, as
> this server will be replacing an existing system.
> I have all of my users stored within CROWD and also available within
> LDAP. Having each of my users manually register is not a suitable
> option as this is supposed to be a seamless transition. Can anyone
> please advise how this may be achieved other than manually entering
> all the accounts :- )
> * How can I automate the process of onboarding my users?
> o ie they simply login to the application (if they need to) and
> it works? and/or merely continue using the old repository URL
> (now moved to Kallithea) using the existing credentials and
> their clones just get updated as required.
> * I saw two promising settings in the admin/permissions with items for:
> + registration ' allow with automatic account activation"
> + external auth account activation 'automatic activation of
> external account'
> o The second seems most useful. ie I add my external
> authentication mechanism - crowd for example - and anyone
> contained within crowd should be able to just login to
> continue working.
> In my attempts I found that even though I enabled the CROWD plugin
> (restarted afterwards), I was still forced to create a local account
> within Kallithea and then I was still forced to input a local password
> (what is the point of external authentication then??). Then when I
> attempted to login it was using the local auth and not the crowd
> authentication. ie the local auth was taking precedence. It could be a
> PEBKAC but from the doco that I could find it looks like the accounts
> are lazy loaded so the entire LDAP tree doesn't get input into
> Kallithea. I am reasonably certain that the CROWD integration was
> working as the account was given admin rights as it's group membership
> was listed explicitly on the "admin groups" within the crowd plugin
> and I didn't check it within the normal admin ui for users.
> If there is means of achieving this through configuration perhaps
> there's a script that can be used?
"forced to create a local account" - forced how? If you create a local
user, I expect it to use local authentication.
I don't know crowd - it is probably not widely used and there might be
bugs in the auth module. Max Roman <max at choloclos.se> contributed a fix
half a year ago so I assume it works for him. He might be able to give
LDAP is more widely used - you can perhaps give that a try and either
learn from it or use it. I don't know what advantages it would have to
use crowd directly instead of through ldap - you can perhaps help
improve the documentation when you know more.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the kallithea-general