User Sync Agent

[nikzen]

Description

This tool will connect to an onprem ldap. It will poll users and based on the status it will create or delete a zitadel user.

Topics for this epic:

• [x] https://github.com/famedly/ldap-sync/pull/1
• [x] https://github.com/famedly/ldap-sync/issues/3
• [x] https://github.com/famedly/ldap-sync/issues/4
• [x] https://github.com/famedly/ldap-sync/issues/5
• [x] https://github.com/famedly/ldap-sync/issues/12
• [x] https://github.com/famedly/ldap-sync/issues/14
• [x] https://github.com/famedly/ldap-sync/issues/16
• [x] https://github.com/famedly/ldap-sync/issues/23
• [x] https://github.com/famedly/ldap-sync/pull/31
• [ ] https://github.com/famedly/ldap-sync/issues/30

Further details

https://www.notion.so/famedly/Famedly-Sync-Agent-a7e1167785d44393a29083e81bc43bf4#eb2f2f86933446d38d60428f2b818500

[tlater-famedly]

I took the freedom of splitting out supporting TLS into #5 - that way we can separately track that.

Most of the implementation will be done with #1 being merged.

[tlater-famedly]

Initial test against a real AD failed because of these issues:

• 3

• 14

The former should be quite easy to fix, but the latter is practically impossible at the moment because of #15

12 is also likely to cause issues in real use, but the tool should at least be functional without that ticket being resolved.

10 is also very problematic, because it holds up all PRs on this repo. We need to figure out what's actually going wrong there.

[tlater-famedly]

We no longer support SSO, this is tracked in #30

Other than that the tool should now be ready for deployment in environments that do want to use SSO. We should make a release, do some testing, and then see about how we deploy this.

[tlater-famedly]

Currently waiting to get to testing this; we're having trouble with the customer VPN, and are waiting for replies from them.