OAUTH2 / SSO to Yunohost

Hi,

Is there a way I can have someone logging into Yunohost login page use OAuth2 from another provider?

For example, can Twitter accounts, Facebook accounts, etc. log in to Yunohost so Yunohost then creates the account in its LDAP?

Michael.

Uuuuuh nope

It would be great to have such a feature. Any plans to make this happen? :slight_smile:

Sorry for bumping this older post.

You can install something like Keycloak but it’s very hard to set up. I tried a couple of years ago but I don’t remember if it was able to write the users on LDAP. It’s theoretically possible.

I logged in only to ask basically this, and it was the very first thread I read.

SAML, LDAP, OpenID, WS-Federation, Kerberos(??!) anything really. I tried Yunohost last year and the year before that, but the lack of integration kept me from adopting it.

AD/LDAP is super resilient because there’s a three-server recommended minimum; in the case of YH, there’s one, and it’s siloed, even to other YHs.

The last time, I tried integrating it myself, but I have no prior knowledge about OpenLDAP, and the method of configuring OpenLDAP apparently changed recently to something completely different that now requires a file hierarchy, whereas before it used flat files, from what I gather. In any case, it should be straightforward learning each once you know what files are being used, except YH has hints about using both, there’s no documentation, and there’s a risk of damaging your directory which, by its nature, can’t be fixed with just a snapshot rollback, so I didn’t push too much.

OpenLDAP has various ways to integrate with other directories, and even to proxy other directories, so for example, in the case of YH, its built-in server would remain in place, appearing still local but proxying to another server or set of servers. This was detailed quite clearly even for me, who knows next to nothing about it (though I manage an AD domain, it translates), but to do any of it you have to know how it’s configured.

OpenLDAP also publishes schema differences and a copy+paste fix for how to integrate it with straight-up Active Directory; the information is on the Samba website (it’s a wiki with a silver background), but you yet again have to know which config files are being used…

I must say, though, it seems a little off/odd that YH’s devs built such a cool LDAP-based platform and at the same time nobody seems to know if LDAP is a medication, a color, or that thingy airplanes have on the tip of the things that go whoosh. :frowning: