alonsovidales
commented
1 year ago I'm taking a look at this... Can I get more context on for what we are using LDAP? I see that only for the admin interface, am I right?
We could build the authentication for the Admin interface using the Kolibri users instead of LDAP, Kolibri already provides the interface to manage teachers, students, facilities and so on, and we can connect to the Kolibri DB or create a plugin to act as a Single sign-on. Doing it this way we don't have to modify Kolibri and we get the interface to manage them for free, but we would have to keep an eye to make it compatible with future versions.
Another option would be to write the users to the Kolibri DB from the Admin interface or to have a script to sync both every now and then...
Modify the script they provide as example ( https://github.com/learningequality/kolibri-oidc-client-plugin ) to use LDAP doesn't seem too complicated, I could do that and in that case we will use LDAP to auth but I think that we should disable the Kolibri interface to have only one source of truth 🤔
joostdam
Kolibri does not have a default ldap option to make use of the linux user accounts. It can be done thought according to a reply on my post on the Kolibri forum:
It’s possible but it’s not done. In the past some plugins to add more authentication methods have been developed, like GitHub - learningequality/kolibri-oidc-client-plugin but LDAP has not been done. However, Kolibri is a Django project, so a developer having some Python/LDAP knowledge can do it using Django Authentication Using LDAP — django-auth-ldap 4.0.1.dev3+gd1372d9.d20220128 documentation The OIDC plugin can be used to scaffold the plugin.