Initial thoughts for Release 0.4.0 from the Identity planning meeting:

Support authentication against external LDAP

Conductor will integrate with an LDAP server for authentication. It will
follow the same principles as Katello, in that it will use the local DB
as its primary data source for users and fall back on LDAP (TBC). For
example, if a user does not already exist in the local DB, it will:

  1) authenticate against LDAP
  2) create the user in the DB

Deleting users will consist of deleting the user in the local DB only.
The user can then be created again the next time they log in using LDAP
auth.

Listing users in Conductor will consist of listing only the users in
the local database.

Warehouse should share the same set of users as Conductor. Warehouse is
likely to support GSSAPI. We need to decide whether Warehouse will
authenticate against Conductor or another service.
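
The login, delete and list behaviour described above, as an added example that is not Conductor or Katello code. It assumes local rows hold no password, so every credential check is an LDAP bind; `LocalUsers`, `LDAP_BIND` and the in-memory `DIRECTORY` are hypothetical stand-ins, and the directory contents are constructed sample data.

```ruby
# Constructed stand-in for the LDAP server (login => password); a real
# deployment would perform an LDAP simple bind here instead.
DIRECTORY = { 'alice' => 's3cret', 'bob' => 'hunter2' }.freeze
LDAP_BIND = ->(login, password) { DIRECTORY.key?(login) && DIRECTORY[login] == password }

# Hypothetical model of the local user table and the login flow.
class LocalUsers
  User = Struct.new(:login, :source, :logins)

  def initialize(ldap_bind)
    @ldap_bind = ldap_bind
    @rows = {} # the "local DB"
  end

  # Returns [user, provisioned] on success, nil on failure.
  def authenticate(login, password)
    # An empty password turns an LDAP simple bind into an unauthenticated
    # bind, which many servers accept; reject it before contacting LDAP.
    return nil if login.to_s.strip.empty? || password.to_s.empty?
    return nil unless @ldap_bind.call(login, password)

    # The row is created only after a successful bind, never before.
    provisioned = !@rows.key?(login)
    user = (@rows[login] ||= User.new(login, :ldap, 0))
    user.logins += 1
    [user, provisioned]
  end

  # Removes the local row only; the directory entry is untouched.
  def delete(login)
    !@rows.delete(login).nil?
  end

  # Lists local rows only; directory users who never logged in are absent.
  def list
    @rows.keys.sort
  end
end

if __FILE__ == $PROGRAM_NAME
  db = LocalUsers.new(LDAP_BIND)
  db.authenticate('alice', 's3cret')
  db.delete('alice')
  _user, recreated = db.authenticate('alice', 's3cret')
  puts "alice re-created after delete: #{recreated}"
end
```

Because the row comes back on the next successful bind, deleting a user locally does not revoke access; that has to happen in the directory.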

We intend to use OAuth across components for authentication. This would
require adding OAuth provider support to Conductor and OAuth client
support to each component accessing protected resources. Katello
already supports two-legged OAuth, which hopefully means relatively
straightforward integration once we have the other parts in place.