LDAP to UNIX user proxy

Is there any service that will speak LDAP but just respond with the local UNIX users?

Right now I have good management for local UNIX users but every service wants to do its own auth. This means that it is a pain remembering different passwords, configuring passwords when setting up a new service and whatnot.

I noticed that a lot of services support LDAP auth, but I don’t want to make my UNIX user accounts depend on LDAP for simplicity. So I was wondering if there was some sort of shim that will talk the LDAP protocol but just do authentication against the regular user database (PAM).

The closest I have seen is the which I can probably use by transforming my regular UNIX settings into an LDAP config at build time, but I was wondering if there was anything simpler.

(Related note: I really wish that services would let you specify the user via HTTP header, then I could just manage auth at the reverse-proxy without worrying about bugs in the service)
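
An added example, not code from the thread or from any project named in it: the core of the shim asked about above, decoding an LDAPv3 simple BindRequest (RFC 4511) and answering it from a local credential check. The `authenticate` callback stands in for a PAM call; the `uid=<user>,...` DN layout and all function names are assumptions.

```python
# Added example (not from the thread). Assumed DN layout: uid=<user>,...
SUCCESS, AUTH_METHOD_NOT_SUPPORTED, INVALID_CREDENTIALS = 0, 7, 49  # RFC 4511 result codes

def read_tlv(buf, pos=0):
    """Decode one BER element at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one BER element; short-form length is enough for these messages."""
    if len(value) > 0x7F:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def bind_response(message_id, code):
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    body = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, message_id) + tlv(0x61, body))

def handle_bind(request, authenticate):
    """Answer one simple BindRequest using authenticate(user, password) -> bool."""
    tag, message, _ = read_tlv(request)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, message_id, pos = read_tlv(message)       # messageID INTEGER
    tag, bind, _ = read_tlv(message, pos)
    if tag != 0x60:                              # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, _version, pos = read_tlv(bind)
    _, dn, pos = read_tlv(bind, pos)
    tag, password, _ = read_tlv(bind, pos)
    if tag != 0x80:                              # [0] simple; SASL is [3]
        return bind_response(message_id, AUTH_METHOD_NOT_SUPPORTED)
    attr, _, user = dn.decode("utf-8", "replace").split(",")[0].partition("=")
    # An empty password is an "unauthenticated bind" (RFC 4513): never report success for it.
    ok = (attr.lower() == "uid" and user and password
          and authenticate(user, password.decode("utf-8", "replace")))
    return bind_response(message_id, SUCCESS if ok else INVALID_CREDENTIALS)

def sample_request(dn, password, message_id=1):
    """Constructed client message for trying the handler offline."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))
```

The empty-password branch matters for a shim like this because many LDAP clients treat any successful bind as a login, so the callback is never consulted for an empty password.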

catloaf ,

Against which regular user database?

AllYourSmurf ,

Look into Single Sign-On services (SSO) like Authelia, Authentik, or KeyCloak. Most SSO tools do the sorts of things you’re looking for. Some will talk to the native UNIX user store. I do agree with the others, though: if you’re this far along, then it’s time to spin up LDAP and SSO, but this might be the same tool in your case.

kevincox OP ,

But the problem is that most self-hosted apps don’t integrate well with these. For example qBittorrent, Jellyfin, Metabase and many other common self-hosted apps.

BearOfaTime ,

What’s wrong with LDAP for users? (I’m trying to think of a negative, and can’t).

kevincox OP ,

Yet another service to maintain. If the server is crashing you can’t log in, so you need backup UNIX users anyways.

just_another_person ,

I think you’re missing the point of LDAP then. It’s a centralized directory used for querying information. It’s not necessarily about user information, but can be anything.

What you’re asking for is akin to locally hosting a SQL server that other machines can talk to? Then it’s just a server. Start an LDAP server somewhere, then talk to it. That’s how it works.

If you don’t want a network service for this purpose, then don’t use LDAP. If you want a bunch of users to exist on many machines without having to manually create them, then use LDAP, or a system configuration tool that creates and keeps them all eventually consistent.

friend_of_satan ,

deleted_by_author

  • kevincox OP ,

    I use NixOS.

    BearOfaTime ,

    Meaning what?

    kevincox OP ,

    NixOS makes it very easy to declaratively configure servers. For example the users config to manage UNIX users: nixos.org/manual/nixos/stable/options#opt-users.u…
