migrating or onboarding existing users using LDAP and groups based ACLs

Thomas De Schampheleire patrickdepinguin at gmail.com
Wed May 27 10:58:27 EDT 2015

Hi Todd,
(reincluding the mailing list)

On Wed, May 27, 2015 at 3:55 PM, Todd Morgan <toddlmorgan at gmail.com> wrote:
> Thanks for that Thomas :-)
> I did try something along those lines ... When creating the users via REST I specified the LDAP DN ... In the hope that would be sufficient to enable LDAP auth but the LDAP dn wasn't written through to the Database. Did you also have to specify a DN for your originally "internal" users when you edited the database? Did you also need to blank the password field?

What I did more specifically was:
1. enable the ldap_auth plugin through the Admin->Authentication menu
(and install python-ldap)
2. configure the LDAP settings, including Base DN and LDAP search filter
3. manually edit the 'users' table in the database with a query like:

update users set extern_type='ldap' where username is not 'admin';

I did not make other adaptations in the database. So 'extern_name'
would still be 'internal'. Once a user would log in with CSL, the
extern_name would be updated automatically with the corresponding LDAP
I did not change/empty the password manually.

Best regards,
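
Added example, not part of the original message and not Kallithea code: step 3 above run as a dry run first, then applied, against a constructed in-memory SQLite table. The table models only the columns named in the thread; make_sample_db, snapshot, switch_to_ldap and the keep parameter are hypothetical names.

```python
import sqlite3

# Constructed sample rows (username, extern_type, extern_name). Only the
# columns named in the thread are modelled; the real table has more.
SAMPLE_USERS = [
    ("admin", "internal", "internal"),
    ("alice", "internal", "internal"),
    ("bob", "internal", "internal"),
]

def make_sample_db():
    """In-memory stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY,"
                 " extern_type TEXT, extern_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn

def snapshot(conn):
    """Map username -> (extern_type, extern_name)."""
    rows = conn.execute("SELECT username, extern_type, extern_name FROM users")
    return {name: (etype, ename) for name, etype, ename in rows}

def switch_to_ldap(conn, keep=("admin",), apply=False):
    """Set extern_type='ldap' for every user not listed in `keep`.

    Returns the sorted usernames whose row changed. The update is rolled
    back unless apply=True, and always when a `keep` name matches no row
    (a misspelt name would otherwise flip the local admin as well).
    """
    if not keep:
        raise ValueError("keep at least one local account")
    before = snapshot(conn)
    marks = ",".join("?" * len(keep))
    conn.execute("UPDATE users SET extern_type = 'ldap' "
                 f"WHERE username NOT IN ({marks})", tuple(keep))
    after = snapshot(conn)
    changed = sorted(u for u in after if after[u] != before[u])
    missing = [u for u in keep if u not in before]
    if missing or any(u in keep for u in changed):
        conn.rollback()
        raise RuntimeError(f"kept accounts missing or modified: {missing}")
    if apply:
        conn.commit()
    else:
        conn.rollback()
    return changed
```
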
