Initial thoughts for Release 0.4.0 from Identity planning meeting:
Support authentication against external LDAP
Conductor will integrate with an LDAP server for authentication. It will follow the same principles as Katello, in that it will use the local DB as its primary data source for users and fall back on LDAP (TBC). For example, if a user does not already exist in the local DB, it will: 1) authenticate against LDAP, then 2) create the user in the DB.
Deleting a user will consist of deleting the user in the local DB only. The user can then be created again the next time they log in using LDAP auth.
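An added Ruby example (not Conductor or Katello code) of the flow in the two paragraphs above: local DB first, LDAP fallback with first-login provisioning, and local-only deletion. `LocalFirstAuth`, `FAKE_BIND` and the in-memory user table are hypothetical stand-ins; it assumes accounts with a local password are verified locally and never fall through to LDAP, and that empty passwords are rejected before any bind.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not project code. All names here are hypothetical.
class LocalFirstAuth
  attr_reader :users

  # ldap_bind: callable(username, password) -> true/false, standing in for a
  # real LDAP simple bind (no LDAP library is used in this example).
  def initialize(ldap_bind)
    @users = {} # stand-in for the local users table
    @ldap_bind = ldap_bind
  end

  def add_local_user(name, password)
    salt = SecureRandom.random_bytes(16)
    @users[name] = { source: :local, salt: salt, digest: kdf(password, salt) }
  end

  def delete_user(name)
    @users.delete(name) # local delete only; the directory entry is untouched
  end

  # Returns :local, :ldap, :ldap_created, or nil when the login is rejected.
  def login(name, password)
    # Reject empty credentials up front: an LDAP simple bind with an empty
    # password is an unauthenticated bind, which some servers report as success.
    return nil if name.to_s.empty? || password.to_s.empty?
    user = @users[name]
    if user && user[:source] == :local
      ok = OpenSSL.fixed_length_secure_compare(user[:digest], kdf(password, user[:salt]))
      return ok ? :local : nil # assumption: no LDAP fallback for local accounts
    end
    return nil unless @ldap_bind.call(name, password)
    return :ldap if user
    @users[name] = { source: :ldap } # the LDAP password is never stored locally
    :ldap_created
  end

  private

  def kdf(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000, length: 32, hash: 'sha256')
  end
end

# Constructed sample directory; the stub accepts empty passwords like a lenient server.
DIRECTORY = { 'alice' => 's3cret-sample' }.freeze
FAKE_BIND = ->(user, pw) { pw.empty? || DIRECTORY[user] == pw }
```

Because a deleted LDAP-backed user is recreated on the next successful bind, removing the local row does not by itself revoke access; that has to happen in the directory.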
Listing users in Conductor will consist of listing only the users in the local database. Warehouse should share the same set of users as Conductor. Warehouse will likely support GSSAPI. We need to decide whether Warehouse will authenticate against Conductor or another service.
We intend to use OAuth across components for authentication. This would require adding OAuth provider support to Conductor and OAuth client support to each component accessing protected resources. Katello already supports OAuth (two-legged), which hopefully means relatively straightforward integration once we have the other parts in place.