XMPP Service Operators - 2023-05-11


  1. msavoritias

    > msavoritias: what about NIS and PAM? That was the nightmare I tried yonks ago

    I have dealt once with PAM years ago. Still have nightmares over it. It's way too complicated and the syntax is weird imo

  2. agh

    Yeah it is a beast

  3. agh

    Some say it is over engineered, others think that is just shame to hide the poor engineering behind PAM.

  4. jonas’

    My money is on "PAM solves a problem which looks simple from the outside and the complexity is justified for non-obvious reasons".

  5. jonas’

    Like XMPP ;)

  6. Licaon_Kter

    And gotta support sql? Add that. And ldap? Add that too... tokens? Oauth?...just like xmpp

  7. mike

    I would really like a nice, clean interface for a simple user account self registration system that was backed by LDAP. There are a few half assed projects out there and some incredible over engineered ones, but nothing I've seen in the sweet spot for small to mid-sized services.

  8. MattJ

    +1000

  9. mike

    Just enough to let people sign up, set a recovery email, change passwords. That'd be really nice. 😁

  10. MattJ

    I recall I did find a couple of things in this space, but I'd have to dig through my notes to remember what they were

  11. MattJ

    But none seemed to be exactly what I wanted (what you described)

  12. jonas’

    mike, AFAIK there is no standard schema shipped with openldap which would satisfy those requirements :)

  13. jonas’

    (recovery email fails)

  14. jonas’

    and writing LDAP schema is possible, but only by going into "DO NOT DO THAT" waters because you need an OID tree assigned to you and last time I tried that I got no response :<

  15. Guus

    Convoluted idea that I didn't test: use Keycloak as an intermediary? IIRC it can federate with AD/LDAP (and write back to it), while also provide sign-up pages.

  16. mike

    I should go through my old email archives then because I have one from IANA, or did back in around 2002.

  17. jonas’

    Guus, someone said simple

  18. jonas’

    I think that excludes a java monolith.

  19. jonas’

    ;D

  20. mike

    I only really care about something being simple for the end user, I'll deal with complexity happily to deliver that.

  21. Trung

    tbh i would prefer everything else to auth through xmpp. Reason is because when user log-in to xmpp they are instantly messagable.

  22. MattJ

    Well, you can do that with keycloak and prosody trunk now 🙂

  23. millesimus

    mike: What's your opinion on https://github.com/lldap/lldap ?

  24. mike

    millesimus: first time I've seen it. I'll take a look when I'm not on my phone, Cheers. It's definitely been a year or two since I last went looking into this area.

  25. MattJ

    Ah yes! That was one I was thinking of.

  26. mike

    I have found the Private Enterprise Number IANA gave me 20 years ago so yes, I'm "legally" allowed to write any schema I want. 😁

  27. millesimus

    I'd be interested to hear which solution you settle with. I am also contemplating whether a full OpenLDAP stack might be better (and how to migrate… urgs).

  28. Guus

    jonas’: You want to discuss complexity of Java monoliths? :) I ended up with Keycloak after trying to get WSO2's Identity Server to do ... anything useful. As an indication of the difference in complexity between the two (as perceived by me at least): there's a mailing list comment somewhere where I talk about singing birds and having visions of unicorns leaving multi-colored droppings...

  29. agh

    > My money is on "PAM solves a problem which looks simple from the outside and the complexity is justified for non-obvious reasons".
    >
    > Like XMPP ;)

    I will deploy my PAM and NSS platform one day....

  30. jonas’

    (note that PAM however solves a different problem than LDAP & co do)

  31. agh

    Yes, but I can has LDAP and PAM too

  32. jonas’

    indeed

  33. vshine001

    Messages from strangers are rejected

  34. vshine001

    who can solve

  35. jonas’

    don't load the module which does that

  36. vshine001

    I send messages to people Then appear Messages from strangers are rejected

  37. jonas’

    ah

  38. jonas’

    that's a recipient side issue

  39. vshine001

    Someone can put me in touch with him ?

  40. vshine001

    I know if there's a way around this?

  41. vshine001

    Is there a way to text him directly?

  42. jonas’

    add them as contact I guess

  43. vshine001

    add him appear a question

  44. vshine001

    In what year did World War II end?

  45. vshine001

    i can't add him

  46. vshine001

    Who has the technology to text him

  47. jonas’

    depends on whom

  48. vshine001

    I send messages to people Then appear Messages from strangers are rejected who can help me to solve this question

  49. vshine001

    I send messages to people Then appear Messages from strangers are rejected who can help me to solve this question

  50. moparisthebest

    > mike: What's your opinion on https://github.com/lldap/lldap ?

    That looks really really great until the "to talk to us join discord!" -.-

  51. moparisthebest

    vshine001: if it sent you a captcha try answering it

  52. Licaon_Kter

    vshine001: did you try `1918`?

  53. moparisthebest

    Licaon_Kter: wrong world war

  54. moparisthebest

    Finally definitive proof Licaon_Kter is a bot not a human...

  55. Licaon_Kter

    Read it as WWI

  56. Licaon_Kter

    Was the right century at least