authentik
authentik copied to clipboard
goauthentik
root: add setting to configure primary django hasher
Details
This pull request makes the primary django hasher configurable via the .env file. I would like to switch the internal hash algorithm to Argon2, due to its compatibility with OpenLDAP. There is no breaking change and the parameter is optional. If not set, the standard django hasher hierarchy is used. I couldn't test it with the current main since the ak server commands gets stuck during migration processes (see https://github.com/goauthentik/authentik/issues/9866). It is tested with 2024.04.
Checklist
- [ ] Local tests pass (
ak test authentik/) -> no because main is currently broken, tests are failing before changing anything, at least for me - [x] The code has been formatted (
make lint-fix)
If an API change has been made
- [ ] ~The API schema has been updated (
make gen-build)~ -> no API changes
If changes to the frontend have been made
- [ ] ~The code has been formatted (
make web)~ -> no frontend changes
If applicable
- [x] The documentation has been updated
- [x] The documentation has been formatted (
make website)
Deploy Preview for authentik-storybook canceled.
| Name | Link |
|---|---|
| Latest commit | 8ebbadcd0b3e407402f725b7a28456f5f445599b |
| Latest deploy log | https://app.netlify.com/sites/authentik-storybook/deploys/66751a2b0ac47b000855bb5e |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for authentik-docs ready!
| Name | Link |
|---|---|
| Latest commit | 8ebbadcd0b3e407402f725b7a28456f5f445599b |
| Latest deploy log | https://app.netlify.com/sites/authentik-docs/deploys/66751a2b6fa1e00008bd0250 |
| Deploy Preview | https://deploy-preview-10195--authentik-docs.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
I'm curious as to the use case of this. Do you have custom scripts or things that sync that password back to LDAP?
I'm curious as to the use case of this. Do you have custom scripts or things that sync that password back to LDAP?
That will be the case since the performance of integrated ldap provider isn't fast / stable enough for our use case (user login to central server systems via sssd). Besides we only need to provide some users via LDAP. I thought about adding a filter to the integrated LDAP provider, but I think OpenLDAP is more stable / faster.