Alright, it's actually a good point to take stock: how's it going with your effort? Is there anything I can help with?

It's steady progress, but I haven't been able to put too much time into it the last two weeks, it looks a bit better now, but I also need to focus on getting it wrapped up, so I'll probably focus a bit more on the "core" and drop things like the RequestContext, http client, etc. They can also easily get added later without breaking the API. I have a couple of points I need to finish up, before pushing next iteration for review, that's primarily: 1. Error handling from plugins, allowing them to decide if we continue to next plugin, or abort -- like we've talked about in the comments. 2. Finish the implementation of the remaining handlers. I'm pretty much there, I just have 4 or 5 left to do, Besides that, there's still a few items left on the todo-list, like adding an API-version-check, and figuring out how I get an instance of the PluginBackendHandler handed to plugins, instead of the SqlBackendHandler, so plugin handlers will also trigger on actions from plugins. I think we'll need to discuss that, as I think we may need to do something unsafe, as it looks like it will be self-referential/cyclic reference no matter what -- but lets take that when we get closer. I can't really think of anything obvious for you to give a hand with. I think the API-version check will be pretty trivial, when we decide on how to do it.

Sounds good! Excited to get the plugins working 🙂

Hi In LLDAP, Is it possible to have a Last Accessed field for users ? It should be updated every time lldap is successfully queried for a user. I think that should be a good proxy for when the user last accessed something that use lldap

It's not implemented, but it could be. What's the use case?

Just to be able to see when a user was last used

Sure, but why do you need that? What are you going to do with that information?

maybe delete inactive accounts

i fw it

Then you probably want "last logged in" or something

And you need to be able to mark service accounts as exempt if necessary

you mean logged in on the web interface?

Otherwise, last accessed would update all the users whenever you open the admin interface, which is probably not what you want

Anywhere, web interface or through LDAP

it couldn’t be per user? like whenever a user accesses through ldap and the web interface it would like update the field

The interface is not used consistently by every service, so some services will list all users that match a filter (which will only match a single user), instead of asking for the details of a specific user

That's actually the normal way in LDAP

So every result of a search would have to be "accessed"

And opening the admin web interface searches for all users

But I think last logged in is what you want

For detecting inactive accounts

yeah makes sense

Yes this is the intent

TIL

But yeah, just to come back to this topic, feel free to create an issue, and if you feel like picking it up, I can help to guide you

Wouldnt you have the issue that applications that cache the user login for some time would not trigger a 'login' to lldap?

True, it won't be perfect but at least we will have some indicator for it vs the 0 information we get now. Eventually when authelia has a admin dashboard page, I'll request them to add it there so we have even more accurate information on when someone last logged in

How are things progressing plugin-system-wise? Trying to think about my timeline for a few projects coming up

Looping in @jensen who's working on it

Still working on it, but have recently had a bit less time to look at it, but I plan to get more back to it in this coming week. Hope to push changes from the first review round, and then start on the rebasing. Realisticly there's probably at least a couple weeks left, and I won't promise it's only that. 🙂