Graph API access
I am opening this issue to document some ideas we have at ownCloud.
We would like to be able to communicate with the idm using the Graph API. The API should provide read and write access, so that we can do basic CRUD actions. This means that the idm needs some sort of storage which could be implemented using https://github.com/tidwall/buntdb for example.
cc: @micbar, @butonic
How about adding LDAP Add/Modify support to idm (maybe still backed by LDIF files) and implementing the Graph API layer on top of LDAP? That should make it possible to replace idm with some "real" LDAP in production environments.
Or is LDAP write support a strict no no no for libregraph/idm? :-)
So far it was out of scope but that can change. Should be discussed if it's worth adding this complexity and what consequences it has.
@longsleep Ok, but AFAIK some basic user management capabilities (creating, deleting, updating) were in scope for libregraph/lico/idm, right? My initial thought was that if we'd add limited LDAP Write Support to idm it would be easier to replace idm with a "real" LDAP server for workloads where idm isn't suited.
Would you mind sharing your thoughts/ideas/plans regarding basic user management in libregraph? BTW, is there some forum/mailing list or other discussion channel for topics around libregraph?
@longsleep
> My initial thought was, that if we'd add limited LDAP Write Support to idm it would be easier to replace idm with a "real" LDAP server for workloads where idm isn't suited.

That is IMO the beauty of that approach. Basically the main idea behind LibreIDM is to have a "replacement" for an LDAP server. We are on the same page with the limited scope of this, but we think this is a good idea. We also will use the GraphAPI in the future to work with users and Groups.
In our use case we need a small User Management as a drop in replacement.
@longsleep I've just pushed #17 as a draft. Maybe that helps as a starting point for a discussion.