[Pulp-list] external authentication/authorization

Kodiak Firesmith kfiresmith at gmail.com
Thu Sep 1 21:46:19 UTC 2016

I'm pretty sure the answer in Pulp's current form is: no.
But your request might be a great suggestion to make in an earlier (June?
July?) thread requesting feedback on Pulp 3.x auth - it'll be completely
different so it's a blank slate to work with.  Please check out the
archives and reply to that thread with your auth needs and wants.

As an Active Directory user (mod_auth_gssapi), I agree that being able to
tie in AD names and groups in authorization would be a great improvement.

 - Kodiak

On Thu, Sep 1, 2016 at 3:47 PM, Vladimir Vasilev <vvasilev at redhat.com>

> Hi all,
> I'm trying to setup Pulp with external authentication and authorization
> against LDAP server.
> According to the docs direct LDAP access from pulp is deprecated so I
> followed "Apache Preauthentication" [1]
> Authentication works fine, pulp is trusting apache httpd with
> REMOTE_USER variable set.
> Problem is that the same LDAP user needs to exist in the internal pulp
> database as well.
> Is there a way to move both authentication and authorization to external
> provider like LDAP?
> At the end of the day I want to grant admin access to all LDAP accounts
> which are member of particular group (memberOf attribute) without making
> local pulp accounts.
> Thanks,
> Vova
> [1] https://docs.pulpproject.org/user-guide/authentication.html
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20160901/b6836212/attachment.htm>

More information about the Pulp-list mailing list