10:28 p.m.
Hello everyone,
DebOps v1.0.0 is here, let's release the HypnoDrones.
New DebOps release, v1.0.0
--------------------------
You can find the new version of DebOps on:
GitHub: https://github.com/debops/debops/releases/tag/v1.0.0
PyPI: https://pypi.python.org/pypi/debops/1.0.0
Galaxy: https://galaxy.ansible.com/debops/debops/ (but see below)
You can upgrade the Python-based installation by running the command:
pip install --upgrade debops
The experimental support for multi-role repositories will be/has been removed
from Ansible Galaxy and Mazer. The Ansible team is instead introducing Ansible
Collections, which use tarballs to distribute Ansible content instead of git
repositories. The Mazer client knows how to use it, but Ansible Galaxy doesn't
yet, therefore new DebOps release will not show up there until June 2019 when
new version of Ansible Galaxy service is released. Until then, you can build
your own tarball with DebOps roles using the 'make collection' command, or
install DebOps via PyPI or directly from the GitHub repository. Installation
instructions can be found here:
https://docs.debops.org/en/v1.0.0/user-guide/install.html
The brief Changelog can also be found on the documentation page:
https://docs.debops.org/en/v1.0.0/news/changelog.html
Complete, detailed changelog can be viewed using the 'git log' command.
The DebOps documentation has a separate page which details important changes
from previous release in the Ansible inventory or on the remote hosts which
you might need to perform manually:
https://docs.debops.org/en/v1.0.0/news/upgrades.html
The Python packages available on PyPI, as well as the tarballs available on
GitHub are signed with my GPG key. You can get it from the OpenPGP keyserver
network using the command:
gpg --keyserver hkp://pool.sks-keyservers.net \
--recv-keys 27067A91D620EE91D50309D92DCCF53E9BC74BEC
The v1.0.0 release contains ~370 commits since the last release in February
2019, not counting merges. Here are the usual suspects:
237 Maciej Delmanowski
32 Alin Alexandru
29 Leonardo Bechea
21 Robin Schneider
10 Imre Jonk
8 Jérémy Gardais
5 Thomas Danielsson
4 Hartmut Goebel
4 Reto Gantenbein
3 Rainer 'rei' Schuth
2 Damiano Venturin
2 Evilham
2 Serge Victor
1 André Jucovsky Bianchi
1 Dionysis Grigoropoulos
1 Jonathan Struebel
1 Julien Palard
1 Mathieu
1 Mike Mindel
1 Nicolas Quiniou-Briand
1 Stefan G. Weichinger
1 Tim Freund
1 monsterry
Thanks to everyone involved in this release, and I see you in the commits.
Goals reached since previous release
------------------------------------
The LDAP support has been completely redesigned from the ground up, both on the
server-side ('debops.slapd' role), and in the new client-side
('debops.ldap'
role). At the moment LDAP can be enabled for basic system services - UNIX
accounts and groups, 'sudo' configuration, SSH public key lookup. There are
still many more DebOps roles which have to be updated to use the new
infrastructure, but that will come in later releases.
Support for Docker Registry comes to DebOps as well, via the
'debops.docker_registry' Ansible role. This role integrates with the
'debops.gitlab' role which you can use to manage the Registry contents.
The rest of the goals outlined in the previous release were not met due to
focus on other things. But there are many new features and bugfixes present, I
suggest you check the Changelog for details.
The first stable release of DebOps is here
------------------------------------------
I decided to make the first stable release of DebOps early due to the fact that
the project is used more and more in production environments, where large
changes of the various roles might not be possible. A few times users of the
v0.8.1 release found bugs in some roles that were fixed in the 'master' branch,
but were unable to switch due to large amount of changes since the previous
release. Because of that, I think that a change of the release process is
needed. There are still many roles that need to be cleaned up and rewritten,
but hopefully a stable branch that will get bugfixes over time will be useful
to the users that require a bit more predictability.
The stable branch, first one named 'stable-1.0', will get bugfixes and security
fixes as long as the code in the 'master' branch is compatible, but there will
be no new features or major changes in the existing roles. If a role in the
'master' branch has been modified too much and direct cherry-picking of the
changes is impossible, the bugfixes might go directly to the stable branch, but
at this point a given release will probably become unsupported when a few more
recent releases are available.
DebOps uses the Semantic Versioning for its releases, with major.minor.patch
numbers. Depending on the changes, major release bump might happen on the next
release, but it's hard to tell what changes might require this. Most likely
large modifications to the Ansible inventory or changes on the remote hosts
that require a host rebuild from scratch will result in major version bump,
less severe changes will have a minor version bump.
The release schedule from the 'master' branch will probably stay the same - a
few months between each release, so that features can be polished and any bugs
fixed beforehand. Updates to the stable branches will be quickier though,
depending on bugfixes.
Plans for the next release
--------------------------
The release of Debian Buster draws closer, and I would like to prepare DebOps
for it beforehand. A migration or possible rewrite of the AppArmor role will
need to happen soon, also the 'debops.ipxe' and 'debops.preseed' roles
need to
be updated to support installation of Buster via preseeding.
Various application roles will be updated to use the new 'debops.ldap' role to
manage LDAP entries and access to the directory. I would also like to include
support for Samba and Heimdal Kerberos to reap the benefits of the
'slapd-smbk5pwd' module that allows password synchronization between various
LDAP objects. This should also benefit NFS support which could finally be
properly secured via Kerberos.
Support for installing Golang applications from source will be implemented as
well, compilation will be done on a separate unprivileged account. And as
usual, new applications, rewrites of the old roles and bugfixes here and there.
Thanks for reading and see you out there.
Maciej Delmanowski
9:17 a.m.
Am 22.05.19 um 22:28 schrieb Maciej Delmanowski:
DebOps v1.0.0 is here, let's release the HypnoDrones.
Congratulations! Thanks for bringing debops to live and maintaining it!
--
Regards
Hartmut Goebel
| Hartmut Goebel | h.goebel(a)crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |
1:33 p.m.
Hello Maciej
Congratulation! That's really great news. Thanks a lot for your effort to make this
possible.
Cheers ganto
2:49 p.m.
Hey Maciej,
also some flowers from me ;-) Thanks for all your work. We started using
ansible in with debops and didn't regret.
Regards
Jan
Am 22.05.19 um 22:28 schrieb Maciej Delmanowski:
Hello everyone,
DebOps v1.0.0 is here, let's release the HypnoDrones.
New DebOps release, v1.0.0
4:45 p.m.
On 22-05-19 22:28, Maciej Delmanowski wrote:
DebOps v1.0.0 is here, let's release the HypnoDrones.
Awesome, thanks a lot for making it happen! I've been using DebOps at
CipherMail, Bits of Freedom and Amsterdam Wireless since v0.8.1, and I
just finished the update to v1.0.2. DebOps has greatly improved the way
we manage our servers. It's been a big step-up from our own Ansible
playbooks.
The LDAP support has been completely redesigned from the ground up,
both on the
server-side ('debops.slapd' role), and in the new client-side
('debops.ldap'
role). At the moment LDAP can be enabled for basic system services - UNIX
accounts and groups, 'sudo' configuration, SSH public key lookup. There are
still many more DebOps roles which have to be updated to use the new
infrastructure, but that will come in later releases.
I used the old debops.slapd role at CipherMail and Amsterdam Wireless.
Migrating to the new role did take some effort since my LDAP knowledge
is limited, but I got it all done in a day or so. We're also using the
debops.ldap role to manage shell accounts at Amsterdam Wireless.
Unfortunately it turned out that FusionDirectory, the web-based LDAP
management tool we used previously, would break the new directory
structure, so it had to go. We're using LDAP Account Manager now which
works just as well. It even has a nice directory tree viewer :)
Maciej, thanks a lot for all the hard work you put into the new LDAP
roles, they definitely are a big improvement over the old one. I
especially like the new ACLs and automated snapshots. I really enjoyed
reading the message you posted about it to debops-users. It's great to
see that so much care was put into it.
By the way, you mentioned that you had difficulties writing a role for
deploying a FusionDirectory frontend because it couldn't detect the base
DN. We had this issue as well, using the stretch-backports version
solved it for us. But like I said, we're using LDAP Account Manager now.
The stable branch, first one named 'stable-1.0', will get
bugfixes and security
fixes as long as the code in the 'master' branch is compatible, but there will
be no new features or major changes in the existing roles. If a role in the
'master' branch has been modified too much and direct cherry-picking of the
changes is impossible, the bugfixes might go directly to the stable branch, but
at this point a given release will probably become unsupported when a few more
recent releases are available.
That's great to hear, we can always use faster bug fixes!
Cheers,
Imre
7:08 p.m.
On Jun 05, Imre Jonk wrote:
Awesome, thanks a lot for making it happen! I've been using
DebOps at
CipherMail, Bits of Freedom and Amsterdam Wireless since v0.8.1, and I
just finished the update to v1.0.2. DebOps has greatly improved the way
we manage our servers. It's been a big step-up from our own Ansible
playbooks.
So, the question is, what's still missing from your setup? Any wishes about
where the project should head next?
Unfortunately it turned out that FusionDirectory, the web-based LDAP
management tool we used previously, would break the new directory
structure, so it had to go.
That's unfortunate. Fusion Directory looks like a really awesome LDAP
management suite with support for many schemas, services, etc. I hoped to add
support for it in the future, hopefully somewhat integrated with DebOps. Do
you know what exactly was broken, or perhaps it was your own setup that was
incompatible with new LDAP tree set up by DebOps environment and adding Fusion
Directory on top of that would still work?
We're using LDAP Account Manager now which
works just as well. It even has a nice directory tree viewer :)
Unfortunately, LDAP Account Manager package was removed from Debin Buster:
https://tracker.debian.org/news/1036031/ldap-account-manager-removed-from...
So it will take some time until is available again. Upstream provides .deb
packages but only as a direct download. That's why I was looking to add Fusion
Directory support instead, but if you say that it breaks the current LDAP
setup created by DebOps, hmmm... I wonder if something can be done about it.
Maciej, thanks a lot for all the hard work you put into the new LDAP
roles, they definitely are a big improvement over the old one. I
especially like the new ACLs and automated snapshots. I really enjoyed
reading the message you posted about it to debops-users. It's great to
see that so much care was put into it.
I need to double down and push the ldap_attrs Ansible module to the Ansible
core, if you say that the combination works so well. :-)
By the way, you mentioned that you had difficulties writing a role
for
deploying a FusionDirectory frontend because it couldn't detect the base
DN. We had this issue as well, using the stretch-backports version
solved it for us. But like I said, we're using LDAP Account Manager now.
Interesting, I will have to check the stretch-backports version then. Thanks
for the tip.
Cheers,
Maciej
9:42 p.m.
On 05-06-19 19:08, Maciej Delmanowski wrote:
So, the question is, what's still missing from your setup? Any
wishes about
where the project should head next?
Right now I mostly miss roles for Docker container management, an
authoritative DNS server, a SAML iDP with two-factor authentication and
an OpenVPN server (with LDAP and maybe 2FA). I've implemented these as
custom Ansible roles which I plan on improving and contributing to DebOps.
There are some gaps in the documentation that should be filled. Some
basic things like provisioning a new host took me quite some time to
figure out when I first tried DebOps, for example. I read on the list
that Nicolas Quiniou-Briand wants to work on that, which is great!
That's unfortunate. Fusion Directory looks like a really awesome
LDAP
management suite with support for many schemas, services, etc. I hoped to add
support for it in the future, hopefully somewhat integrated with DebOps. Do
you know what exactly was broken, or perhaps it was your own setup that was
incompatible with new LDAP tree set up by DebOps environment and adding Fusion
Directory on top of that would still work?
I tried out the new LDAP roles before migrating our existing directory.
I installed FusionDirectory from stretch-backports after running the
ldap/init-directory playbook, but the final step of the installation
process required performing migrations on the LDAP directory that
failed, leaving me with a broken setup. I didn't investigate it further.
Unfortunately, LDAP Account Manager package was removed from Debin
Buster:
https://tracker.debian.org/news/1036031/ldap-account-manager-removed-from...
So it will take some time until is available again. Upstream provides .deb
packages but only as a direct download. That's why I was looking to add Fusion
Directory support instead, but if you say that it breaks the current LDAP
setup created by DebOps, hmmm... I wonder if something can be done about it.
Yeah I noticed that as well. It was also the main reason why we wanted
to use FusionDirectory in the first place. I guess we'll backport the
upstream packages when we migrate to Buster.
Note that FusionDirectory has an ACL system of its own, which might not
be easy to combine with the ACL rules that are set by DebOps. All LDAP
operations are performed by an LDAP admin user under the hood. What I
like about LDAP Account Manager (besides the directory tree browser) is
that it does not require an administrative user, additional LDAP schemas
or inserting/migrating LDAP entries to work.
Imre
8:44 a.m.
Am 05.06.19 um 21:42 schrieb Imre Jonk:
I've implemented these as
custom Ansible roles which I plan on improving and contributing to DebOps.
Great! This is how we get DepOps improved :-)
--
Regards
Hartmut Goebel
| Hartmut Goebel | h.goebel(a)crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |
9:27 a.m.
On Jun 05, Imre Jonk wrote:
Right now I mostly miss roles for Docker container management
This type of thing would probably be done via docker_service, docker_compose
and other docker_* Ansible modules. Creating a role that has the correct order
of tasks general enough so it can be useful for most users might be hard,
although I haven't looked into that yet. I imagine that it might be easier to
let users write playbooks to manage their containers on Docker hosts managed
by DebOps - no need for crazy default variables that are modified via
inventory, just write docker_compose tasks directly. But, you are working on
a Docker client role, I'm eager to see how that looks like. :-)
an authoritative DNS server
I'm starting to feel the need for a better, centralized DNS/DHCP services as
well. Currently I'm working with two tinc VPN networks with separate subnets
and subdomains, which makes handling the resolver interesting. Having a local
unbound that redirects the requests to the correct DNS server based on the
subdomain helps, but I imagine that a central DNS that has dynamic subdomains
managed by DHCP could work better and not be confined to my workstation.
I'm looking into ISC BIND since this is what we are currently using in
production, and it nicely compliments the existing debops.dhcpd role which
uses ISC DHCPD. But I know that many DebOps users prefer PowerDNS, so if
anybody has a role for that, let me know.
a SAML iDP with two-factor authentication
In Debian there's lemonldap-ng package[1] which apparently provides OpenID,
CAS and SAML support but I have no idea how popular this solution is. At work
we are using Jasig CAS which is now apparently Apereo CAS[2](?). It's not in
Debian though.
What I would like to work in next with the LDAP support is Samba support, to
leverage the slapd-smbk5pwd support in Debian to synchronize Samba and basic
auth passwords. This will force us to the Heimdal Kerberos implementation if
we want to integrate that as well though. I haven't played with Kerberos at
all yet, so I don't know if that's good or bad vs MIT Kerberos.
[1]: https://packages.debian.org/stretch/lemonldap-ng
[2]: https://www.apereo.org/projects/cas
an OpenVPN server (with LDAP and maybe 2FA).
Indeed, Tinc VPN currently supported in DebOps is a nice solution for internal
mesh network in a data center, but it lacks sufficient controls for authorized
access. Having OpenVPN integrated with LDAP for authentication would be nice,
but that requires use of the shared secrets, right?
If we would want to support certificate authentication with OpenVPN, that
would require improvement of the client certificate support in debops.pki
role. A simple set of scripts that let sysadmin generate client certs based on
the e-mail address locally on Ansible Controller, against a specific internal
CA should probably be enough for small setups, something bigger might require
a dedicated service.
Perhaps users could authenticate to a website using their LDAP credentials,
and after checking the authorization the service could generate a client
certificate for them with installation instructions provided. I wonder if
something like this exists... Probably FreeIPA and/or Dogtag PKI has something
like this built-in, but they are currently in eternal Sid basement hell since
I remember, at least a few years now (in Debian Unstable with bugs that
perpetually kick them out from current Testing release). Maybe Debian Bullseye
will be a lucky break?
I've implemented these as
custom Ansible roles which I plan on improving and contributing to DebOps.
Looking forward to the PRs. :-)
There are some gaps in the documentation that should be filled. Some
basic things like provisioning a new host took me quite some time to
figure out when I first tried DebOps, for example. I read on the list
that Nicolas Quiniou-Briand wants to work on that, which is great!
I try to fill the gaps in the documentation at least a bit every major
release, but right now I'm more focused on cleaning up and rewriting existing
old roles, and adding new features here and there. But I agree, DebOps is now
so much beyond simple Ansible roles that for a new user it all probably looks
intimidating and they probably have to have a real need to even consider
trying out the project in the first place. A few documentation pages that
introduce Debian, Ansible and finally DebOps to new users would probably help;
Ansible because I see many new Ansible users that try out DebOps and then
vanish without a trace, and Debian because a basic knowledge about the
operating system of choice is very helpful when debugging errors during
playbook execution. There are excellent tutorials for both of these things
elsewhere, but having a more focused ones in relation to DebOps itself might
be a good thing.
I tried out the new LDAP roles before migrating our existing
directory.
I installed FusionDirectory from stretch-backports after running the
ldap/init-directory playbook, but the final step of the installation
process required performing migrations on the LDAP directory that
failed, leaving me with a broken setup. I didn't investigate it further.
I think that sidestepping the setup wizard entirely and generating the config
files needed by FusionDirectory directly might be a solution to this. I'm not
sure what changes FD requires in the LDAP directory itself, will have to
investigate.
> Unfortunately, LDAP Account Manager package was removed from
Debin Buster:
> https://tracker.debian.org/news/1036031/ldap-account-manager-removed-from...
>
Yeah I noticed that as well. It was also the main reason why we wanted
to use FusionDirectory in the first place. I guess we'll backport the
upstream packages when we migrate to Buster.
Note that FusionDirectory has an ACL system of its own, which might not
be easy to combine with the ACL rules that are set by DebOps. All LDAP
operations are performed by an LDAP admin user under the hood. What I
like about LDAP Account Manager (besides the directory tree browser) is
that it does not require an administrative user, additional LDAP schemas
or inserting/migrating LDAP entries to work.
Indeed, a non-opinionated client that doesn't try to impose any specifics and
lets the users manage their entries might be best. I'm currently using Apache
Directory Studio to work with the LDAP directory, but this might be overkill
to staff administrators and other such personnel.
There's also phpLDAPadmin web application... which also has been kicked out of
Debian Buster, so that's moot. Looks like standalone clients or a custom
in-house applications tailored to the needs of a particular organization are
the preferred solutions to LDAP management these days.
Cheers,
Maciej
5:11 p.m.
Hi Maciej,
On 06-06-19 09:27, Maciej Delmanowski wrote:
I'm starting to feel the need for a better, centralized DNS/DHCP
services as
well. Currently I'm working with two tinc VPN networks with separate subnets
and subdomains, which makes handling the resolver interesting. Having a local
unbound that redirects the requests to the correct DNS server based on the
subdomain helps, but I imagine that a central DNS that has dynamic subdomains
managed by DHCP could work better and not be confined to my workstation.
I'm looking into ISC BIND since this is what we are currently using in
production, and it nicely compliments the existing debops.dhcpd role which
uses ISC DHCPD. But I know that many DebOps users prefer PowerDNS, so if
anybody has a role for that, let me know.
Are there many Dutch DebOps users? I'm asking because PowerDNS is the
typical authoritative DNS server of every Dutch hosting company, ever.
I've worked a lot with PowerDNS software while I was an intern at such a
company, I really liked it. And I'm currently trying out the built-in
dynamic DNS update functionality with ISC DHCP server, which might prove
interesting.
Also, lead developers Bert Hubert and Peter van Dijk are just great guys.
> a SAML iDP with two-factor authentication
In Debian there's lemonldap-ng package[1] which apparently provides OpenID,
CAS and SAML support but I have no idea how popular this solution is. At work
we are using Jasig CAS which is now apparently Apereo CAS[2](?). It's not in
Debian though.
I tried LemonLDAP::NG a while ago while I was looking for SAML iDP
software, but eventually went with SimpleSAMLphp because of its
documentation and extensibility.
> an OpenVPN server (with LDAP and maybe 2FA).
Indeed, Tinc VPN currently supported in DebOps is a nice solution for internal
mesh network in a data center, but it lacks sufficient controls for authorized
access. Having OpenVPN integrated with LDAP for authentication would be nice,
but that requires use of the shared secrets, right?
I don't think so, not with the openvpn-auth-ldap package. I've been
testing a setup where I would connect OpenVPN to my LDAP server (with
TLS), and then have clients authenticate to the OpenVPN server with
their LDAP credentials. The client connection also uses TLS, and in my
case the server certificate was signed by Let's Encrypt. The clients
don't need any certificates at all, just the Let's Encrypt root in their
trust store. Using a public CA requires that clients verify the x509
subject, which can be done with something like this in the client config:
verify-x509-name 'CN=openvpn.example.com' subject
I've been looking at deploying this setup in production, but with 2FA.
Should not be too hard with YubiKeys:
https://developers.yubico.com/yubico-pam/YubiKey_and_OpenVPN_via_PAM.html
If we would want to support certificate authentication with OpenVPN,
that
would require improvement of the client certificate support in debops.pki
role. A simple set of scripts that let sysadmin generate client certs based on
the e-mail address locally on Ansible Controller, against a specific internal
CA should probably be enough for small setups, something bigger might require
a dedicated service.
Perhaps users could authenticate to a website using their LDAP credentials,
and after checking the authorization the service could generate a client
certificate for them with installation instructions provided. I wonder if
something like this exists... Probably FreeIPA and/or Dogtag PKI has something
like this built-in, but they are currently in eternal Sid basement hell since
I remember, at least a few years now (in Debian Unstable with bugs that
perpetually kick them out from current Testing release). Maybe Debian Bullseye
will be a lucky break?
Why let users authenticate with LDAP to download a client certificate
when they could just use those LDAP credentials directly in their
OpenVPN client? It wouldn't make a difference in terms of security,
unless that website would only be available from inside the company
network. But that would be another usability hurdle.
I try to prevent having end users hassle with certificates and keep the
focus on strong passwords and 2FA instead. PKI is hard ;)
Cheers,
Imre
3:29 p.m.
Hello,
On 2019-06-06 9:27 a.m., Maciej Delmanowski wrote:
In Debian there's lemonldap-ng package[1] which apparently
provides OpenID,
CAS and SAML support but I have no idea how popular this solution is.
As a french guy, I can tell you this software is widely used in France,
specialy by french government.
I know the maintainer: Clément Oudot, a great guy behind the LTB project
[0] and a new project, FusionIAM [1] which will rely on FusionDirectory.
I would love to see LTB softwares like White Pages and SSP in DebOps and
also LemonLDAP::NG. Some Ansible job as already done by Worteks for
LemonLDAP::NG [2].
Cheers,
[0] https://ltb-project.org/doku.php
[1] https://fusioniam.org/
[2] https://github.com/Worteks/ansible-lemonldapng
--
Nicolas Quiniou-Briand
Jabber/XMPP : nqb(a)azyx.fr
3:58 p.m.
Hi Nicolas,
On 13-06-19 15:29, Nicolas Quiniou-Briand wrote:
On 2019-06-06 9:27 a.m., Maciej Delmanowski wrote:
> In Debian there's lemonldap-ng package[1] which apparently provides
> OpenID,
> CAS and SAML support but I have no idea how popular this solution is.
As a french guy, I can tell you this software is widely used in France,
specialy by french government.
Isn't that largely because the French strongly prefer French-made
products and solutions? There are SSO solutions developed in the
Netherlands as well, but almost all universities here use Microsoft ADFS
or SimpleSAMLphp (which is developed by Uninett in Norway).
I know the maintainer: Clément Oudot, a great guy behind the LTB
project
[0] and a new project, FusionIAM [1] which will rely on FusionDirectory.
Interesting, I haven't heard of FusionIAM before. Apparently it tries to
integrate OpenLDAP, FusionDirectory, LemonLDAP::NG and some other LDAP
(web) tools.
I would love to see LTB softwares like White Pages and SSP in DebOps
and
also LemonLDAP::NG. Some Ansible job as already done by Worteks for
LemonLDAP::NG [2].
Well I've made a start with a SimpleSAMLphp role. It needs some love
before I dare to pass it on to Drybjed for review, but it's definitely
on the way.
Do you have a good use case for LemonLDAP::NG in DebOps? And how
easy/difficult would it be to integrate with other roles?
Cheers,
Imre
8 a.m.
Hello Imre,
On 2019-06-13 3:58 p.m., Imre Jonk wrote:
> As a french guy, I can tell you this software is widely used in
France,
> specialy by french government.
Isn't that largely because the French strongly prefer French-made
products and solutions? There are SSO solutions developed in the
Netherlands as well, but almost all universities here use Microsoft ADFS
or SimpleSAMLphp (which is developed by Uninett in Norway).
Certainly. Having a free software developed in your country will
encourage you to use it. Another reason is that one of a developper,
Xavier Guimard, works for french government.
Do you have a good use case for LemonLDAP::NG in DebOps? And how
easy/difficult would it be to integrate with other roles?
From my understanding, LL::NG is firstly a Web SSO with support for
other authentication protocols like SAML and CAS. An use case in DebOps
could be to use LL::NG as a WebSSO to access all applications deployed
by DebOps which supports Web SSO. Of course, LL::NG will be integrated
with LDAP directory provided by DebOps.
--
Nicolas Quiniou-Briand
Jabber/XMPP : nqb(a)azyx.fr
1760
days inactive
1795
days old
12 comments
6 participants
participants (6)
-
Hartmut Goebel -
Imre Jonk -
Jan Kowalsky -
Maciej Delmanowski -
Nicolas Quiniou-Briand -
Reto Gantenbein