What is the least obtrusive means of migrating a large number

Todd Morgan toddlmorgan at gmail.com
Sun May 3 19:21:37 EDT 2015

Let me ask a different question then :-) (as CROWD and LDAP are both acceptable options for me as they represent the same information - crowd is just easier to setup and limit its scope).

If I connect up an LDAP to authenticate against Kallithea what is the end user experience for the following when the user only exists with LDAP:
- user trying to pull from an authenticated repo (ie one they already have from an old system with the same URL)? Will it just pull the changes? What about a push?
- user hitting the main Kallithea URL for the first time?
-- will they have to register? Will they merely have to enter their old credentials (from LDAP) and it will work?

The actions that I'm trying to avoid are having the new system rollout go poorly as I have 200 people having to register to use the same credentials upon the server ...and if I can help it myself having to do anything "non-standard" to make the previous work. I've no hacking database, unsupported scripts etc.


> On 4 May 2015, at 2:00 am, kallithea-general-request at sfconservancy.org wrote:
> Send kallithea-general mailing list submissions to
>    kallithea-general at sfconservancy.org
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
> or, via email, send a message with subject or body 'help' to
>    kallithea-general-request at sfconservancy.org
> You can reach the person managing the list at
>    kallithea-general-owner at sfconservancy.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of kallithea-general digest..."
> Today's Topics:
>   1. What is the least obtrusive means of migrating a large number
>      of users to Kallithea when using LDAP and/or Crowd external
>      authentication? (Todd Morgan)
> ----------------------------------------------------------------------
> Message: 1
> Date: Sun, 3 May 2015 23:41:12 +1000
> From: Todd Morgan <toddlmorgan at gmail.com>
> To: kallithea-general at sfconservancy.org
> Subject: What is the least obtrusive means of migrating a large number
>    of users to Kallithea when using LDAP and/or Crowd external
>    authentication?
> Message-ID:
>    <CADfCXiu7X+=d9BC=RUspWdMn_W6OwHkMfFhRvGtt_5s+s0zTkA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> Hi everyone,
>    I'm trying to setup a new Kallithea (0.2.1) installation on Win2k12,
> which is working OK using a vanilla installation as detailed previously.
> My problem is that now I need to bring on approximately 200+ users to this
> system but I need to do it in the least obtrusive fashion, as this server
> will be replacing an existing system.
> I have all of my users stored within CROWD and also available within LDAP.
> Having each of my users manually register is not a suitable option as this
> is supposed to be a seamless transition. Can anyone please advise how this
> may be achieved other than manually entering all the accounts :- )
>   - How can I automate the process of onboarding my users?
>      - ie they simply login to the application (if they need to) and it
>      works? and/or merely continue using the old repository URL (now moved to
>      Kallithea) using the existing credentials and their clones just
> get updated
>      as required.
>   - I saw two promising settings in the admin/permissions with items for:
>      - registration ' allow with automatic account activation"
>         - external auth account activation 'automatic activation of
>         external account'
>      - The second seems most useful. ie I add my external authentication
>      mechanism - crowd for example - and anyone contained within
> crowd should be
>      able to just login to continue working.
> In my attempts I found that even though I enabled the CROWD plugin
> (restarted afterwards), I was still forced to create a local account within
> Kallithea and then I was still forced to input a local password (what is
> the point of external authentication then??). Then when I attempted to
> login it was using the local auth and not the crowd authentication. ie the
> local auth was taking precedence. It could be a PEBKAC but from the doco
> that I could find it looks like the accounts are lazy loaded so the entire
> LDAP tree doesn't get input into Kallithea. I am reasonably certain that
> the CROWD integration was working as the account was given admin rights as
> it's group membership was listed explicitly on the "admin groups" within
> the crowd plugin and I didn't check it within the normal admin ui for users.
> If there is means of achieving this through configuration perhaps there's a
> script that can be used?
> Thanks for listening
>    Todd
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20150503/e446bc56/attachment-0001.html>
> ------------------------------
> Subject: Digest Footer
> _______________________________________________
> kallithea-general mailing list
> kallithea-general at sfconservancy.org
> http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
> ------------------------------
> End of kallithea-general Digest, Vol 10, Issue 3
> ************************************************

More information about the kallithea-general mailing list