@dan
I was the filer of GitHub issue #1438 that mentioned these issues, and you and I went back and forth on it a little bit.
"Is it possible to designate the LDAP connector to perform authentication only? Or to mark a user account to not get recreated each time it uses LDAP to sign in?"
This would be my thought process as to how it would work, as my assumption would be that someone who's attempting to connect to LDAP is expecting to use LDAP for password management, and that the LDAP is likely AD.
Our ideal use case would be to layer FusionAuth on top of the LDAP system in order to unify access. Specifically, our internal users could use their Active Directory logins to enter our public-facing website application, but we could layer TOTP MFA on top of it within that website's user experience (for regulatory reasons). Our external users would be based entirely within FusionAuth, with password management handled there. We could then also control application access (registration) for both sets of users entirely within FusionAuth.