Firstyear
Firstyear
Well that might be possible to have a way to *extend* an existing system group with extra members, but I need to think more about it.
> I'm not familiar with how PAM queries work in terms of group membership, but from what I've seen so far it's in order of priority - pam queries whichever...
> In my travels attempting to figure out how to fix NixOS/HM, I found some interesting information (which may or may not be applicable): > > * https://man.archlinux.org/man/core/man-pages/nsswitch.conf.5.en#merge > >...
https://github.com/kanidm/kanidm/issues/2698#issuecomment-2141182300 https://github.com/kanidm/kanidm/issues/2698#issuecomment-2141177300
Okay, after reviewing the oauth2 rfc, oauth2 token introspection rfc and openid connect specification, none of them apply restrictions to the claim values. This means we are free to expand...
@dvv What changes to the claim value regex are you considering?
I'm not adding templating, so don't get ahead of yourself. For now I'll allow the current rules around string OR valid json up to a maximum size. But I need...
> I'll quit the project before we allow dynamic loadable modules 😄 Don't worry, I'm not going to allow them. I have enough nightmares as is. At best it will...
That makes it a bit more fun then for us to define how we would structure a custom claim type since we need to also then consider the json types...
What they are asking for (in another channel) is the sync function.