Use multiple "layers" of managing user groups

mweber · September 19, 2023, 7:37am

Hi community,

will I still be able to set up groups and assign users to them wehen I connect ShinyProxy to an external source for user management?

My idea is to use ldap or something else to authenticate users and then provide permissions in the application.yml. The reason for this is that I don’t have the permissions to do any changes on our LDAP server but don’t wan’t to rely on the It support to (un)assign users to groups. At the same time I want the users to just log in with the account they already have.
At the moment it’s unclear if I will be allowed to connect to LDAP itself. Maybe I will have to connect via webservice to a different service. Would that make any difference to my question abouve?

Kind regards,
Mathias

jkh1 · September 26, 2023, 7:34am

As far as I can tell you can’t mix authentication types so if you use LDAP, you’ll have to manage groups with it. A possible solution could be to manage users with Keycloak connected to LDAP. This may allow you to create additional groups beyond those provided by LDAP.