OIDC is not really a replacement for LDAP. SAML2 could be, but OIDC in itself has no concept like group membership.

Kerberos, yes, but LDAP no.

What are your pain points integrating with LDAP? It is pretty simple.




OIDC _can_ have group memberships if the provider/client support it via claims.

LDAP is a pain because you have to expose/support a lot of knobs for integration (bind vs anonymous, secure vs insecure, group format, root DNs, etc.). OIDC is (in theory) a lot simpler for the most part as the bare minimum is discovery URL, client ID, and client secret.
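The point above about group membership arriving as an OIDC claim, as an added example that is not from this thread: the relying party must verify the ID token (signature, `alg`, `iss`, `aud`, `exp`) before reading a `groups` claim, otherwise anyone can mint their own memberships. It assumes an HS256 token signed with the client secret (OIDC permits this; most providers instead use RS256 with keys fetched from the JWKS URL in the discovery document), and the issuer, client ID, key and claim values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values for the demo (hypothetical, not a real provider).
KEY = b"example-client-secret"          # HS256 key = the OIDC client secret
ISSUER = "https://idp.example.com"       # expected "iss" claim
CLIENT_ID = "demo-client"                # expected "aud" claim

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_id_token(claims: dict, key: bytes) -> str:
    """Build an HS256 ID token; stands in for what the provider would issue."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_id_token(token: str, key: bytes, issuer: str, client_id: str, now=None) -> dict:
    """Check signature, alg, iss, aud and exp before trusting any claim."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    if json.loads(b64url_decode(h_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the alg
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def groups_from_claims(claims: dict, claim_name: str = "groups") -> set:
    value = claims.get(claim_name, [])  # claim name is provider-specific; absent means no groups
    return set(value) if isinstance(value, list) else set()
```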


And LDAP is a nonstarter for passwordless auth.
