Hi there! Many existing orgs have a LDAP directory and it would be convenient to be able to LDAP-backed auth for meta sign in / registration.
I started working on this a few days ago to connects work's directory and will eventually submit patches upstream.
Is the current support for PAM sufficient? https://git.sr.ht/~sircmpwn/meta.sr.ht/commit/4d11e6017625ef2eb34f09c0522c4486d70bd8b9
Not really: it is possible to use pam_ldap but it creates unwanted side effects on the host system, and makes things complicated. I was cleaning up my local changes when I received the ticket's update notification :-)
Well then, I don't know what your draft looked like before you cleaned it up, but it should be easier to plug in another method now, I think . :)
For the record:
<azmeuk> I can see there has been ldap support in metasrht one year ago, but it seems to have been rolled back. <ddevault> yes, the license for the library which was used is not suitable for sourcehut's use <azmeuk> You mean python-ldap? <ddevault> probably? <ddevault> I don't remember which one it was off the top of my head <azmeuk> They moved to MIT in july <azmeuk> https://github.com/python-ldap/python-ldap/pull/417 <ddevault> only for future contributions <ddevault> any code which was written by anyone who didn't explicitly agree to the change, prior to the change, remains under the incompatible license <azmeuk> I see.
Alternative would be to use https://ldap3.readthedocs.io/en/latest/, an alternative (LGPL) ldap library for python.