18:55 <sy> Hi, is it possible for LDAP users to reset their passwords from sandstorm?

19:01 <sy> also, do groups work for permissions?

19:46 <sy> also, is there any way to use 2fa without leveraging saml?

21:00 <xet7> sy: LDAP and SAML users, passwords are defined at LDAP/SAML servers. I presume Sandstorm does not affect those in any way.

21:01 <xet7> sy: I presume 2fa depends on your LDAP/SAMP/other auth server. Not Sandstorm.

21:01 <xet7> sy: because that auth server takes care of all auth steps, like 2fa etc.

21:02 <xet7> sy: About groups, you need to test do they work with Sandstorm.

21:03 <xet7> sy: I presume all this, because both Sandstorm and Wekan are made with Meteor, and also Standalone Wekan can not affect any LDAP settings.

21:06 <xet7> sy: I would think that adding more login/permission etc features to Sandstorm would take a lot of work. Someone can anyway try implement more stuff and add pull request.

21:08 <xet7> sy: I think that way, because I still have not figured out all Sandstorm permission stuff while maintaining Wekan and keeping it running on Sandstorm, I have still many Sandstorm specific Wekan bugs to fix.

21:09 <sy> alright cool, thanks

21:10 <sy> not sure ldap can do 2fa though

21:10 <sy> saml will redirect you to a page, but ldap just takes arguments

21:10 <sy> i suppose it can take 3 arguments, one for the TOTP

21:10 <sy> but sandstorm would need to know about this to present it

21:28 <xet7> In general, Sandstorm only stores generated random user ID, not any password data.

21:28 <xet7> That is part of security design of Sandstorm.

21:32 <xet7> Ooops I released experimental broken version of Wekan. Just a moment I fix it.

21:32 <xet7> experimental broken Sandstorm version

21:49 <xet7> It's so fun. Upgrade some dependency, then Wekan breaks, so downgrading dependency :D