Open pbuyle opened 4 years ago
chclaus
commented
4 years ago Hej @pbuyle,
had a lot on my mind - sorry for delay.
Yes. I understand the desire for integration behind a proxy. If you want to try that, you are welcome to do so - otherwise I would try to work on it in the next weeks.
Best, Christian
pbuyle
commented
4 years ago Hi,
No problem for the delay. I'm glad the project exists and already fit multiple people's needs. No pressure here.
I don't have much knowledge of Go and even less time available to work on the project. As I said, integration for upstream proxy can be a good way to get multiple birds with one stone. Basically, the problems of HTTP auth for multiple backends are already solved. Having a configurable header to pass the authenticated user id from upstream to dave would allow it to benefit from them.
chclaus
commented
4 years ago Hej hej,
ok. I'll give it a try. Thanks a lot for inspiration and I'll keep you on track.
Best, Christian
chclaus
commented
3 years ago Hej,
i will give this task up to someone else. Currently I'm out of time.
Best, Christian
It would be nice to be able to let a proxy in front of dave handle the user authentication and just accept the username from a HTTP Header. This would open the possibility to use alternative authentication method (LDAP, custom, database, etc.) without adding much complexity to dave.
And example setup is Traefik configured to use forward auth with pinepain/ldap-auth-proxy. When a request hit dave, a user has already been authenticated and it's username is stored in the
X-Auth-Userheader.Related issue: https://github.com/micromata/dave/issues/10