delegating user management #337

Open
opened 2025-05-21 12:21:01 +02:00 by kiara · 0 comments
Owner

**As** a Fediversity user,
**I want** to be able to delegate (local) management of users of my services and their groups/roles,
**so that** my organisation may grow without having to depend on one central administrator.

### implementation notes

- selfhostblocks support
  - their choice of [`lldap`](https://github.com/lldap/lldap) looks reasonable
  - [ ] [contract](https://github.com/ibizaman/selfhostblocks/issues/473)
- nextcloud
  - login: [`user_oidc`](https://github.com/nextcloud/user_oidc)
  - write (manage LDAP groups from nextcloud): [`ldap_contacts_backend`](https://github.com/nextcloud/ldap_contacts_backend) + [`ldap_write_support`](https://apps.nextcloud.com/apps/ldap_write_support)
- as per @koen LDAP currently has not been streamlined well across different applications, so that may make it harder to offer a unified experience here without coordinating with upstream teams on this. may need to out-scope that for this story tho.

| application | OIDC | roles | custom roles | LDAP [OID](https://ldapwiki.com/wiki/Wiki.jsp?page=LDAP%20Object%20Identifier%20Descriptors) mapping |
|-|-|-|-|-|
| mastodon | [✅](https://github.com/mastodon/mastodon/pull/16221) | [owner, admin, moderator, base](https://docs.joinmastodon.org/admin/roles/) | ✅ | [auth](https://github.com/mastodon/mastodon/blob/main/app/models/concerns/user/ldap_authenticable.rb) |
| pixelfed | [❌](https://github.com/pixelfed/ideas/issues/14) | [admin, user](https://docs.pixelfed.org/running-pixelfed/cli-cheatsheet.html#user-admin) | ❌ | [pr](https://github.com/pixelfed/pixelfed/pull/3296/files#diff-a3021299657a8cacd67d076374054857df8cca55277e0bb5a6ce5279ba1a37feR15-R16): `domain`, `guid`; [yunohost](https://github.com/YunoHost-Apps/pixelfed_ynh/pull/179/files#diff-8809871c0ad93d53e2863c98dc072ba596ba617f26f99099eb4e4cbf5c865386R38-R39) (`uid`, `mail`) |
| peertube | [✅](https://www.npmjs.com/package/peertube-plugin-auth-openid-connect) | [admin, moderator, user](https://docs.joinpeertube.org/admin/managing-users#roles) | ❌ | [plugin](https://framagit.org/framasoft/peertube/official-plugins/-/blob/master/peertube-plugin-auth-ldap/main.js): `mail`, `uid`, groups admin/mod/user, [filter] `member` |
| nextcloud | ✅ [1](https://apps.nextcloud.com/apps/oidc_login) [2](https://apps.nextcloud.com/apps/user_oidc) | [super administrator, group administrator, user](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user) | ❌ | [docs](https://docs.nextcloud.com/server/stable/admin_manual/configuration_user/user_auth_ldap_api.html), [lldap](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md#nextcloud-config--the-cli-way), [yunohost](https://github.com/YunoHost-Apps/nextcloud_ynh/blob/c048997b21867d635729c8b98b9097d485644257/conf/config.json#L48), [selfprivacy](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/src/commit/3a84cc7ed4bc6ac3235f466961ec26afe1452cef/sp-modules/nextcloud/module.nix#L287) |

kiara added the type: user story label 2025-05-21 12:21:01 +02:00
kiara added a new dependency 2025-05-21 12:21:39 +02:00
kiara added a new dependency 2025-05-21 12:22:15 +02:00
kiara added a new dependency 2025-06-01 10:42:05 +02:00
kiara removed a dependency 2025-06-01 10:42:40 +02:00
Reference: fediversity/fediversity#337