AniNIX/Kapisi
3
0
Fork 0
Code Issues 30 Pull Requests 1 Projects 1 Releases Wiki Activity

Migrate from OpenLDAP to Keycloak #44

New Issue
Open
opened 2025-12-02 10:41:50 -06:00 by DarkFeather · 0 comments
DarkFeather commented 2025-12-02 10:41:50 -06:00
Owner
Copy Link

I want to consider using Keycloak as a replacement LDAP provider.

I would want to implement OIDC, SAML/SSO, and LDAP providers at a minimum.

I could migrate users into Keycloak via https://www.open200.com/post/migrating-from-ldap-user-federation-to-keycloak-as-the-sole-identity-provider through federation & unsyncing, but it will mandate password changes. However, this could fix our MediaWiki instance for @lykos by using a more maintained extension.

Working

Nonworking

Criteria

This will be moved off on-hold when we have more working rather than unworking options. For now, LDAP is still the dominant provider even without SSO.

I want to consider using Keycloak as a replacement LDAP provider. * https://www.keycloak.org/ * https://wiki.archlinux.org/title/Keycloak I would want to implement OIDC, SAML/SSO, and LDAP providers at a minimum. I could migrate users into Keycloak via https://www.open200.com/post/migrating-from-ldap-user-federation-to-keycloak-as-the-sole-identity-provider through federation & unsyncing, but it will mandate password changes. However, this could fix our MediaWiki instance for @lykos by using a more maintained extension. ## Working * Gitea: OIDC Native https://docs.gitea.com/development/oauth2-provider * MediaWiki: https://www.mediawiki.org/wiki/Extension:OpenID_Connect * TT-RSS: https://github.com/tt-rss/tt-rss-plugin-auth-oidc * SSH: https://github.com/IvanJosipovic/pam_oidc_auth/ * Graylog: https://go2docs.graylog.org/current/setting_up_graylog/oidc.html ## Nonworking * Emby (pending): https://emby.media/community/index.php?/topic/114493-sso-openid/page/3/ -- would need LDAP interim * Radius: would need LDAP continuance * Filestash: OIDC is paid https://www.filestash.app/setup-oidc.html -- would need LDAP continuance * InspIRCd/Anope: would need LDAP continuance * HomeAssistant: https://github.com/christiaangoossens/hass-oidc-auth (pending) / https://github.com/orgs/home-assistant/discussions/48 ## Criteria This will be moved off on-hold when we have more working rather than unworking options. For now, LDAP is still the dominant provider even without SSO.
DarkFeather added the
On-hold
 label 2025-12-02 10:41:50 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Blocked
There are functional or technical reasons this can't be implemented yet
Duplicate
Another issue or PR already describes this issue
On-hold
Evaluated but not enough resources to complete now
Peer-review
Being reviewed for quality prior to merge
RFC
More information and feedback is needed
Wontfix
Not a bug -- way it works
Blocked
There are functional or technical reasons this can't be implemented yet
Duplicate
Another issue or PR already describes this issue
In-progress
Being worked.
On-hold
Evaluated but not enough resources to complete now
Peer-review
Being reviewed for quality prior to merge
RFC
More information and feedback is needed
Wontfix
Not a bug -- way it works
No Label
On-hold
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
DarkFeather jml project2501
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: AniNIX/Kapisi#44
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?