<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 8/19/16 2:38 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAfE6a41Wtueu59V8FRtJRJr5sZ17su9BkKLv9EbWNZz7g@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 18 August 2016 at 20:30, Bill
Burke <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class=""><br>
On 8/18/16 4:59 AM, Stian Thorgersen wrote:<br>
> Bill,<br>
><br>
> Are you planing to have an option to allow import
of users with the<br>
> new user federation SPI? I'm not convinced we
should completely remove<br>
> this option.<br>
><br>
<br>
</span>The only callback that does not exist in the new
SPI is<br>
validateAndProxy(). With the current federation SPI, the
developer<br>
implements everything themselves for import. There are no<br>
synchronization APIs/SPIs either.<br>
<span class="">> Some use-cases I could imagine:<br>
><br>
> * Allow users to authenticate even if LDAP server
is down<br>
</span>Our current LDAP provider will not work if LDAP is
down, even with the<br>
import :)<br>
<span class=""><br>
<br>
> * Allow migrating users away from LDAP<br>
<br>
</span>We can do anything we want for our LDAP
implementation. This doesn't<br>
mean that the SPI should have special support methods and
interfaces for<br>
synchronization and import.<br>
</blockquote>
<div><br>
</div>
<div>I'd say migrating from one provider to the built-in
provider (or even a different provider) is something that
shouldn't be done by the provider themselves, but rather
some sort of migration manager util.</div>
</div>
</div>
</div>
</blockquote>
<br>
Are you just talking about LDAP? Then yes, our LDAP adapter could
support it. Read my previous email though...Unless LDAP exposes
passwords and other credentials so that they could be migrated, I'm
not sure how an import would be done. <br>
<br>
If you're talking about any arbitrary provider, I'm not sure what we
could offer for migration manager utils as we will have no idea how
the data is stored.<br>
<br>
Bill<br>
</body>
</html>