Nike-Inc / cerberus

The Cerberus micro-service, a secure property store for cloud applications. It includes a REST API, authentication and encryption features, as well as a self-service web UI for users.
http://nike-inc.github.io/cerberus
Apache License 2.0

[Feature Request] Implement an LDAP auth connector #219

Open j-lowry opened 7 years ago

j-lowry commented 7 years ago

Lots of corporate environments do not have Okta, OneLogin, etc. to authenticate with. Good ol' LDAP/Active Directory is the only identity management solution available to us.

Steps to reproduce: Don't have Okta or OneLogin. Have LDAP.

Earliest version known to be an issue: v0.10.0

tlisonbee commented 7 years ago

Yes, the feature makes sense. This is not currently a priority for the core Cerberus team but we'll gladly accept a pull request if someone wants to implement.

Implementing the Okta connector recently only took about a day or two but implementing one for LDAP is probably quite a bit more work.

Also, for anyone considering this, LDAP tends to get set up behind a corporate firewall, so ports would need to be opened for Cerberus to communicate with it. A nice advantage of products like Okta and OneLogin is that you don't need to open your corporate firewall up for a single app (like Cerberus), plus Multi-Factor Authentication (MFA), etc.

j-lowry commented 7 years ago

No, I hear all of that, preaching to the choir. A lot of environments are not quite that far along with their identity management, so the LDAP solution is the next best option.