Integrating Galene with SSO

Hi @ericg, hello to all.

I’m currently looking into improving Galene’s group and user management upstream, with the goal of improving Galene’s integration in Yunohost. There are many possible behaviours, and I’m not quite sure which one is the most desirable.

  1. We could use the SSOwAuthUser cookie to prepopulate the login dialog. This seems like a very minor improvement, since the user would still need to
  2. We could use the LDAP server to allow Yunohost users to login with their Yunohost password. It is not clear, however, that this is desirable — should you be able to join a conversation just because you happen to have a login on the server?
  3. We could use the SSOwHash cookie to automatically login users that are logged in to Yunohost. Just like (2), however, it’s not clear to me that it’s desirable.

Could people who have experience with Yunohost integration give some advice?

This is related to LDAP integration · Issue #64 · YunoHost-Apps/galene_ynh · GitHub

First prototype of LDAP integration at https://github.com/jech/galene-ldap.

Hello @jch,

First of all, thank you so much for Galène!

Piggybacking the cookies has never been done on YunoHost Apps, I think. I would opt for the LDAP integration as you did.

For this, maybe consider adding LDAP filters in your requests to the server? The idea is to rely on LDAP user groups to decide whether or not a user can access a conversation. Maybe make it a one-to-one ID match between LDAP and Galène groups?

Some info on our LDAP schema, for example: Common LDAP operation (for YunoHost but not only) — Moulinette 2.6.1 documentation. We store our groups in ou=groups.
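
An added example, not part of the thread or of galene-ldap: one way to express the one-to-one group match suggested above as an LDAP search filter, with the user and group names escaped per RFC 4515 so that they cannot alter the filter. The base DN suffix, object class and attribute names are assumptions; only ou=groups comes from the post.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed names, not taken from the thread: only "ou=groups" is.
const (
	groupsBase = "ou=groups,dc=example,dc=org" // placeholder base DN
	groupClass = "posixGroup"                  // assumed object class
	nameAttr   = "cn"                          // assumed group-name attribute
	memberAttr = "memberUid"                   // assumed membership attribute
)

// escapeFilter escapes a value for use inside an LDAP search filter
// (RFC 4515): backslash, '*', '(', ')' and NUL become \XX hex pairs.
func escapeFilter(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// membershipFilter returns a filter that matches only when an LDAP group
// with the same name as the Galène group lists the user as a member.
func membershipFilter(galeneGroup, user string) (string, error) {
	if galeneGroup == "" || user == "" {
		return "", fmt.Errorf("empty group or user name")
	}
	return fmt.Sprintf("(&(objectClass=%s)(%s=%s)(%s=%s))",
		groupClass, nameAttr, escapeFilter(galeneGroup),
		memberAttr, escapeFilter(user)), nil
}

func main() {
	// Constructed inputs: a normal user, then a name carrying filter syntax.
	for _, u := range []string{"alice", "*)(cn=*"} {
		f, err := membershipFilter("staff", u)
		fmt.Println(groupsBase, f, err)
	}
}
```

An empty search result for this filter under the groups base means the user is not a member of the matching group and should be refused.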

> Piggybacking the cookies has never been done on YunoHost Apps

So what’s the proper way to login a user automatically when they have already logged into Yunohost’s core?

> The idea is to rely on LDAP user groups to decide whether or not a user can access a conversation.

Right. The plan would be to add any required features to galene-imap once the Yunohost community have decided how to configure Galene on the Yunohost side.