You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
We've been trying out Authentik for a while now and we're currently looking to integrate it within our current setup. We have an existing OpenLDAP service and we've been using that as Authentik's primary source. Due to how our current infrastructure works, we can't really move our account creation process over to Authentik.
Our current workaround to avoid waiting for the scheduled sync is having a script for the account creation process which communicates with both the OpenLDAP service and Authentik. The script creates the actual account on the OpenLDAP service then triggers an LDAP sync to Authentik.
This works fine for our purposes. However, every LDAP sync triggers a full directory query to our OpenLDAP service. With the amount of users we have, it takes a lot longer than we would like.
Describe the solution you'd like
A REST API or a CLI flag to the existing ak ldap_sync would be ideal. The API/flag should allow a username input which would specify which user (or any filter options really) Authentik will attempt to sync from the LDAP source.
Describe alternatives you've considered
I tried looking for current solutions but haven't found anything that would work in our situation. If there is, please guide me in the right direction.
This is pretty much the most straightforward (and relatively simple to implement?) suggestion I can think of.
I would imagine implementing Keycloak's way of automatically fetching unknown LDAP users on login would be more complicated.
Thanks for your hard work!
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
We've been trying out Authentik for a while now and we're currently looking to integrate it within our current setup. We have an existing OpenLDAP service and we've been using that as Authentik's primary source. Due to how our current infrastructure works, we can't really move our account creation process over to Authentik.
Our current workaround to avoid waiting for the scheduled sync is having a script for the account creation process which communicates with both the OpenLDAP service and Authentik. The script creates the actual account on the OpenLDAP service then triggers an LDAP sync to Authentik.
This works fine for our purposes. However, every LDAP sync triggers a full directory query to our OpenLDAP service. With the amount of users we have, it takes a lot longer than we would like.
Describe the solution you'd like
A REST API or a CLI flag to the existing
ak ldap_sync
would be ideal. The API/flag should allow a username input which would specify which user (or any filter options really) Authentik will attempt to sync from the LDAP source.Describe alternatives you've considered
I tried looking for current solutions but haven't found anything that would work in our situation. If there is, please guide me in the right direction.
This is pretty much the most straightforward (and relatively simple to implement?) suggestion I can think of.
I would imagine implementing Keycloak's way of automatically fetching unknown LDAP users on login would be more complicated.
Thanks for your hard work!
The text was updated successfully, but these errors were encountered: