[Etesync] - User creation #912
Labels
No labels
administration
Akkoma
Android
Bare metal
bug
Communication
Community
Cryptpad
Discussion
Documentation
duplicate
enhancement
etherpad
Feature request
Feedback
finances
Fixed
forgejo
fun_project
Goal 2024
help wanted
housekeeping
Howto
In progress
🤔️ Investigate
ios
jitsi
lacre
Lacre Test
ldap
Lemmy
LibreTranslate
low prio
Lufi
macos
Mail
Merch
monitoring
movim
needs_refine
New Auth
Nextcloud
nice to have
on hold
proposal
question
Ready
refined
Roundcube
searX
spam-protection
Staging Server
sysadmin
Themes
TOR
upstream issue
Urgent!
Website
windows
wontfix
xmpp
Yearly Report
No milestone
No project
No assignees
4 participants
Notifications
Due date
No due date set.
Blocks
#913 [New service] - Etesync
Disroot/Disroot-Project
Reference: Disroot/Disroot-Project#912
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
ATM when deploying etesync instance the user creation on custom instance is
notpossible. We need to investigate / decide how to make it possible.Oh I see, even if you check the "Advanced settings" box and choose your custom domain, the account is still create on etesync.com. Weird.
Is this happening also from the Android app?
According to the user guide it should be possible to use a custom server URL.
Moreover, checking the android repository for existing issues I've found this one, closed in 2020, according to which a check was added in order to make sure the server from "advanced settings" is actually an EteSync server (therefore this should have been working since years ago).
Also, someone somehow confirmed (on February 20) the option from Android app; check this comment and the next 2 ones.
Will be testing it all next days.
I just checked user creation on test instance and it does work. You do need to specify instance name in advanced settings but otherwise it works fine. I could signup using android app.
I've edited issue description to relect on current situation. @Disroot/Owners Please give your feedback.
I like using ldap coz it avoids having lots of different creds. But that is my own experience.
If we go with keycloak, zytatel (untested but supported), and authentik (not tested but supported), we could keep LDAP in sync with the new user db. We still would need to check if password change would be properly synced back to LDAP and how does it work with etesync in case of password change. So since etesync does not support openid/oauth would mean we could use LDAP but that would not go through SSO with global 2FA.
We could add ldap auth to etesync on test instance and see if we get issues with password change etc.
is that the only service we would need to keep ldap for?
I haven't check everything yet. Hopefully yes. We will see after we do all the work for keycloak on staging/ test server.
I was asking this coz if that this is only service we will need ldap for, I would not go for ldap :)
If it is easy to keep ldap in sync with the other authentication systems, than it might be useful. You never know if we will need it for other services in the future. If it just adds complications than I agree with @meaz on dropping ldap all together.
I think keeping it just in case (like here where only ldap is supported) is good anyway. We need to check how well the syncing with keycloak is, but looks like it should be working well.
I would opt for requiring Disroot account to access etesync (thinking about it not I would do the same for cryptpad in the past). If it is possible we should always apply disroot access, to make the service more consistant. Otherwise it becomes unclear what is working with disroot account and for what you need seperate account. Perhaps, for services requiring login but without disroot account we should host them under different domain? But thats for future to discuss.