Identity & Access Management
Eventually, we'll need to come up with a mechanism for centralized identity management. I was reading this handy thread, and it seems to me that the way to go is:
- OpenLDAP for the actual user database
- LemonLDAP for the user-facing authentication UI, to allow for things like OAuth, SAML, etc.
- FusionDirectory for the UI to administrate the user database.
FusionDirectory seems kinda sketch. I know things like phpLDAPadmin are also a thing, but last time I had to use phpLDAPadmin it was awful. I could also see selecting a different option for the user-facing side. I'm mostly writing these up to show three distinct components that we'll need to select.
Ideally this would be used to manage everything around user access to web services and infrastructure. We should be able to get k8s and kubectl to authenticate against it.