azukaar / Cosmos-Server

☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)
https://cosmos-cloud.io

[FEAT]: LDAP server #249

Open traverseda opened 6 months ago

traverseda commented 6 months ago

Feature Description

There are some services that only support LDAP. This will probably always be true. One that really affects end users is Jellyfin. For more corporate users, all the git servers (Gitea, Bitbucket, etc.) work much better when using LDAP directly.

https://github.com/glauth/glauth is a nice go library for implementing LDAP servers.

zidesm commented 6 months ago

Please add LDAP support for the users.

Maybe in the future roles could be assigned to specify which users or group can access certain applications.

lyrameg commented 5 months ago

Jellyfin has a plugin which can be installed (https://github.com/9p4/jellyfin-plugin-sso/tree/main). Create an entry in Cosmos OpenID and paste that into "OpenID Client ID" and "OID Secret" in the SSO config, then fill out "OID Endpoint" with https://YOUR_DOMAIN/.well-known/openid-configuration. Finally, check the box "Enabled", enable the folders you want them to access (or check the box to enable all) and click Save.

Though it would be nice to have LDAP support for other apps, you can use Jellyfin with OpenID.
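The OIDC setup described above hinges on the relying party (here the Jellyfin SSO plugin) fetching `https://YOUR_DOMAIN/.well-known/openid-configuration` and finding the provider metadata it needs. The check below is an added example, not code from Cosmos or from the plugin: it validates a discovery document the way a careful client would, requiring the fields OpenID Connect Discovery 1.0 marks as required, `https` endpoints, the `code` response type, and an `issuer` that matches the URL the document was fetched from (the check that stops a mix-up between providers). The sample documents, the host `cosmos.example` and the endpoint paths in them are constructed placeholders, not Cosmos's real paths.

```python
"""Validate an OpenID Connect discovery document offline.

Added example; not Cosmos-Server or jellyfin-plugin-sso code. The sample
documents below are constructed and the host/paths are placeholders.
"""
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Provider metadata fields that OpenID Connect Discovery 1.0 marks REQUIRED.
REQUIRED_FIELDS = (
    "issuer",
    "authorization_endpoint",
    "token_endpoint",
    "jwks_uri",
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

# Fields a relying party dereferences; they must be absolute https URLs.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint")


def check_discovery(config_url: str, body: str) -> list[str]:
    """Return a list of problems with the document fetched from config_url.

    An empty list means the document carries what an OIDC client needs and
    its issuer is consistent with where it was downloaded from.
    """
    problems: list[str] = []

    # Discovery URL is always <issuer> + WELL_KNOWN, so the issuer the
    # document claims must equal the URL with that suffix removed.
    if not config_url.endswith(WELL_KNOWN):
        return [f"config URL does not end with {WELL_KNOWN}: {config_url}"]
    expected_issuer = config_url[: -len(WELL_KNOWN)]

    try:
        meta = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc}"]
    if not isinstance(meta, dict):
        return ["body is not a JSON object"]

    for field in REQUIRED_FIELDS:
        if field not in meta:
            problems.append(f"missing required field: {field}")

    for field in URL_FIELDS:
        value = meta.get(field)
        if value is None:
            continue
        parts = urlsplit(str(value))
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{field} is not an absolute https URL: {value!r}")

    issuer = meta.get("issuer")
    if issuer is not None and issuer != expected_issuer:
        problems.append(
            f"issuer {issuer!r} does not match the URL the document was "
            f"fetched from (expected {expected_issuer!r})"
        )

    # A server-side plugin normally uses the authorization code flow.
    response_types = meta.get("response_types_supported")
    if isinstance(response_types, list) and "code" not in response_types:
        problems.append("provider does not advertise the 'code' response type")

    return problems


# Constructed sample: a consistent document for a placeholder provider.
SAMPLE_OK = json.dumps({
    "issuer": "https://cosmos.example",
    "authorization_endpoint": "https://cosmos.example/oidc/authorize",
    "token_endpoint": "https://cosmos.example/oidc/token",
    "jwks_uri": "https://cosmos.example/oidc/jwks",
    "userinfo_endpoint": "https://cosmos.example/oidc/userinfo",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

# Constructed sample with three defects: wrong issuer, http token endpoint,
# and no jwks_uri (so ID token signatures could not be verified).
SAMPLE_BAD = json.dumps({
    "issuer": "https://other.example",
    "authorization_endpoint": "https://cosmos.example/oidc/authorize",
    "token_endpoint": "http://cosmos.example/oidc/token",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    url = "https://cosmos.example" + WELL_KNOWN
    for name, doc in (("good", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_discovery(url, doc) or "OK")
```

To use it against a live Cosmos instance, fetch the URL you pasted into "OID Endpoint" with any HTTP client and pass the URL and response body to `check_discovery`; a non-empty list explains why the plugin's sign-in would fail before you go hunting in the plugin's own logs.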

gianlazz commented 3 months ago

@lyrameg correct me if I'm wrong but I think the issue with jellyfin and OIDC is with signing in via 3rd party apps.

Edit: Looks like you may be able to work around this with the Quick Connect feature. LDAP would still be nice here to avoid this hurdle.

traverseda commented 3 months ago

Yeah, I don't think that OIDC plugin will work with my android TV client.

You also need LDAP for things like gitea, since git clients don't support OIDC. It's impractical to use OIDC to authenticate an SSH session for example.

azukaar commented 3 months ago

> Yeah, I don't think that OIDC plugin will work with my android TV client.
>
> You also need LDAP for things like gitea, since git clients don't support OIDC. It's impractical to use OIDC to authenticate an SSH session for example.

WDYM, don't you just create an SSH token on your account regardless of your web connection method?

traverseda commented 3 months ago

No, that's some weird bullshit that github invented. I don't want to create a new token for every computer I deploy my dotfiles on. Git has always worked with password authentication, and github's insistence on not allowing password authentication is mostly to force people to use the github-cli app, not for any legitimate reason. It's the same embrace-extend-extinguish stuff they always do. The whole "you have to use tokens we don't allow passwords" thing, while it does probably help security to some extent, I believe is mostly driven by a desire to create friction for normal git workflows. Someone had a KPI that was "get people to install github-cli", and that was how they did it.

azukaar commented 2 months ago

I think you're being a little misled. The base git client does support SSH authentication natively, regardless of GitHub, and it is also the best way to secure your account, because that SSH token only allows using git actions and cannot authenticate to the web admin; also it is well kept by your system and harder to compromise. Additionally, deploying a key per device is normal for SSL. And FINALLY, not only does the base git client support SSH key auth just fine, GitHub also allows password authentication regardless (both from the git client and their git CLI). I think you're getting yourself worked up on something that simply isn't quite as bad as you think.