Hi,

> FTR, I have also been in the loop for most of this, technically. I am not
> yet so well making friends with dropping LDAP as a directory backend. At
> least we must be able to control LDAP servers via AlekSIS's IDM part.

AlekSIS can already do that now.

> wonder, if we could not leave an LDAP attached to the setup with LDAP not
> being the primary data backend for user/host/what-not data, but only a
> secondary data service that gets populated by AlekSIS's IDM part. AlekSIS
> then has the primary IDM data and knows all information on all its
> identities whereas the attached LDAP only receives a subset of information
> on users/data/...

I would not do that by default, but we could introduce a "Legacy" profile or something that does it on top.

> Use cases, for example: a classical mailserver (e.g. Cyrus-IMAP, saslauthd,
> Postfix, etc.).

Dovecot can handle OAuth just fine, and for services that can't, there's always PAM.

-nik

