idiosync - User database synchronizer

Enterprise Single Sign-On (SSO) allows an organisation to maintain a single centralised database of users. Each user can then log in to all of the organisation’s services using the same username and password.

For example: a user may first attempt to access an internal wiki page. The user is redirected to the authentication server, where she enters her username and password, and is then redirected back to view the wiki page. The user subsequently attempts to access a webmail server, which recognises the existing authentication and allows immediate access to the mailbox without a second password prompt.

Overview

idiosync can be used to synchronize user and group definitions from a central user database (such as FreeIPA or Active Directory) into the databases used by individual applications (such as MediaWiki or Request Tracker). idiosync ensures that changes in the central user database are immediately reflected in the individual application databases. For example:

  • When a new user is created in the central user database, a corresponding user will automatically be created in the application user database.
  • When a user is renamed in the central user database, the corresponding user in the application database will automatically be renamed.
  • When a user is added to a group in the central user database, the corresponding user in the application database will automatically be added to the corresponding group.
  • When a user is disabled in the central user database, the corresponding user in the application database will automatically be disabled.

All of these changes are reflected immediately. Unlike other synchronization mechanisms, idiosync does not delay changes until the user next logs in to the application.
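To make the four behaviours above concrete, here is an added example (not idiosync's own code) of the reconciliation step such a synchronizer performs. It keys users by a stable identifier rather than by username, so a rename is recognised as a rename and not as a delete followed by a create; it also goes slightly beyond the list above by removing group memberships that were dropped centrally and by disabling, never deleting, application users that no longer exist in the central database. The User structure, the action tuples and the sample records are all constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    uid: str                      # stable identifier (e.g. a directory UUID); never the login name
    name: str                     # login name as the application sees it
    groups: frozenset = field(default_factory=frozenset)
    disabled: bool = False

def plan_sync(central, app):
    """Return the ordered list of actions that bring the application database
    in line with the central database. Both inputs map uid -> User.
    The central database is the sole source of truth."""
    actions = []
    for uid, c in central.items():
        a = app.get(uid)
        if a is None:
            actions.append(("create", c.name))
            a = User(uid, c.name)           # freshly created: no groups, enabled
        elif a.name != c.name:
            actions.append(("rename", a.name, c.name))   # same uid, new name
        for g in sorted(c.groups - a.groups):
            actions.append(("add_to_group", c.name, g))
        for g in sorted(a.groups - c.groups):
            actions.append(("remove_from_group", c.name, g))
        if c.disabled and not a.disabled:
            actions.append(("disable", c.name))
        elif a.disabled and not c.disabled:
            actions.append(("enable", c.name))
    # Users that vanished centrally are disabled rather than deleted, so that
    # their history in the application (edits, tickets) remains attributable.
    for uid, a in app.items():
        if uid not in central and not a.disabled:
            actions.append(("disable", a.name))
    return actions

# Constructed sample state: alice is new, bob was renamed, carol was disabled
# centrally, and dave no longer exists in the central database at all.
CENTRAL = {
    "u1": User("u1", "alice", frozenset({"wiki-editors"})),
    "u2": User("u2", "bob.smith", frozenset({"staff"})),
    "u3": User("u3", "carol", disabled=True),
}
APP = {
    "u2": User("u2", "bob", frozenset({"staff"})),
    "u3": User("u3", "carol"),
    "u4": User("u4", "dave"),
}

if __name__ == "__main__":
    for action in plan_sync(CENTRAL, APP):
        print(action)
```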

Authentication

idiosync is intended to work in conjunction with an authentication mechanism such as Kerberos, SAML, or OpenID Connect. idiosync is solely responsible for ensuring that the application database includes correct definitions for all of the relevant users and groups, and the authentication mechanism is solely responsible for verifying the users’ credentials.
