[idea] Configuration Backend

[thekoma]

Hi,
do you think that would be possible to implement a database and/or ldap backend integration?

Having a proxy is useful but restarting the app and editing a configuration file is difficult to implement in automation environments.

[icb-]

Integrating with PowerDNS-Admin for zone authorization (and authentication?) would be great.

[fincham]

Hi all,

Yes, more flexible authentication would be doable. We'll add it to the backlog of features.

Thanks!

[luto]

@fincham we're currently thinking about tackling this one: A generic authentication system, with backends for the current ini-format and PowerDNS-Admin. Plus docs on how to add a new one, of course.

While researching the PowerDNS-Admin one, we kind of hit a snag: where do we store the API key? should the password just act as an API key? Using the tenants/accounts feature, an foobar-api user could be created for each tenant, so the key doesn't pull double duty as password and API key.

What do you think?

[icb-]

PowerDNS-Admin supports account types that don't have a set password (e.g. SAML).

[luto]

That would require API clients to speak SAML to the auth-proxy, which way out of scope for us, sorry. We're only thinking about support for the currently implemented API key schema; all extensions to that would have to be done by someone else.

[thekoma]

I would suggest to support a mysql/odbc basic schema (user/password/key/[[permissions]])
and write (like in powerdns) a standard query format which could be overridden.
See the mysql module on powerdns fo reference.
Also the call could be overridden with an external command and variables in append at the call itself (parameters).

[fincham]

Hi folks,

I'm off work due to illness at the moment but I'll get back to this issue next week hopefully.

Thanks,
-Michael