I'm pretty sure the answer in Pulp's current form is: no. But your request might be a great suggestion to make in an earlier (June? July?) thread requesting feedback on Pulp 3.x auth - it'll be completely different so it's a blank slate to work with. Please check out the archives and reply to that thread with your auth needs and wants.
As an Active Directory user (mod_auth_gssapi), I agree that being able to tie in AD names and groups in authorization would be a great improvement. - Kodiak On Thu, Sep 1, 2016 at 3:47 PM, Vladimir Vasilev <[email protected]> wrote: > Hi all, > > I'm trying to setup Pulp with external authentication and authorization > against LDAP server. > According to the docs direct LDAP access from pulp is deprecated so I > followed "Apache Preauthentication" [1] > Authentication works fine, pulp is trusting apache httpd with > REMOTE_USER variable set. > Problem is that the same LDAP user needs to exist in the internal pulp > database as well. > > Is there a way to move both authentication and authorization to external > provider like LDAP? > At the end of the day I want to grant admin access to all LDAP accounts > which are member of particular group (memberOf attribute) without making > local pulp accounts. > > Thanks, > Vova > > [1] https://docs.pulpproject.org/user-guide/authentication.html > > > > _______________________________________________ > Pulp-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-list >
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
