Assignment users to groups for set time, and then revoking access (or moving to another group/role)

:uk:/:us: Message template (english)

My YunoHost server

Hardware: VPS with AMD EPYC 7282 16-Core Processor and 8Gb RAM
YunoHost version: 11.2.5
I have access to my server : Through SSH, through the webadmin.
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi, and thanks to all the maintainers of Yunohost - I’ve been using it for a few years for home projects, and it works great.
In my current use case, I am managing an NGO, where we want to allow our members to participate in courses and complete Moodle tests. The challenge here is user management: I’d like to use Yunohost as a central LDAP point, and sometimes, we need to give temporal access to our apps to specific users. It would be okay to issue and remove access manually, but sometimes it’s dozens or hundreds of users, so it’s not the best scenario. I thought that we might use something like WordPress membership plugins, where users are assigned to certain roles/groups for some time and then moved to another role after expiration.
Now, the problem is: user sync works well if we import users to Yunohost (the users are then displayed in WordPress), but not vice versa, i.e., if users register in WordPress, they can’t access Yunohost apps as their account is not created there. I tried to figure out if that’s the intended behavior or some error, but logs (yunohost-api.log and yunohost-cli.log) don’t seem to react at all when a new user registers in WordPress.

Hence, I suppose one of the following:

  1. such a feature doesn’t really exist;
  2. I must setup authLDAP plugin in WordPress in a specific way to make it work;
  3. Relevant information is mentioned somewhere in manuals, but I failed to find it.

In any case, I’d be thankful to get your feedback or maybe tips on how people do such a thing (registration and assignment of user Yunohost accounts to groups for a limited time), e.g., maybe there’s an app that can do that and in power to modify Yunohost accounts.

Hi Opetrenko,

Welcome to the forums!

I would not be surprised if it is #1, keeping in mind that Yunohost is primarily aimed at homeserver use.

Great that you can also run it at NGOs with hundreds of users :slight_smile:

I did a cursory search for LDAP in the new app catalog. There is a package ‘phpLDAPadmin’. I am not sure whether it is aimed at Yunohost, or how well the integration is, but maybe it is worth a look?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.