>> I don't think these layers do what you want?
>> What do you mean by SSO here? What protocols do you need to support?
>> I think you'd have:
>> Oauth2 -> Keycloak -> 389ds -> AD
> This is the plan which I will try to create.
> For now I will need to change the chain to the below one.
> Oauth2 -> Keycloak -> slapd-meta and slapo-rwm -> AD
Even with this setup, I'm not sure what kind of extra data you plan to add or enrich here. As mentioned, it may be considered a security / disclosure risk, since OpenLDAP ACIs are not the same as AD, so your meta dir may leak info.
>> Oauth2 -> Keycloak -> AD
This is the more robust solution IMO.
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
389-users mailing list -- email@example.com