Redback
  1. Redback
  2. REDBACK-142

Add support for LDAP groups in LdapUserMapper when redback is used for auth login to an application like Continuum

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.1
    • Fix Version/s: 1.0.2
    • Labels:
      None
    • Number of attachments :
      0

      Description

      The Redback LDAP configurations used by other applications like Continuum, only allows for setting UserBaseDN as a selection criteria when authorizing access to the application.
      In any case where all users are located in the same ldap tree/sub and all users should be granted access, this is fine.
      But most of the time you would want to grant access to applications either by setting a special permission or attribute on users, or you would define an ldap group where authorized users are added.

      The LdapUserMapper and the redback-common-ldap source should support both defining groups and/or user attributes as a filtering mechanism when access is granted.

        Activity

        Hide
        Emmanuel Venisse added a comment -

        Done with user-filter parameter

        Show
        Emmanuel Venisse added a comment - Done with user-filter parameter
        Hide
        Thomas added a comment -

        Reopen?..

        In my case it's not enough to use the user-filter parameter (or i don't understand how to use it corretly).
        I have several groups which have access to archiva and everybody of some of this groups (2 or 3) should have access.
        Is a more-than-one-group configuration possible with user-filter parameter or could you add the functionality to redback (or archiva )
        Thanks

        Show
        Thomas added a comment - Reopen?.. In my case it's not enough to use the user-filter parameter (or i don't understand how to use it corretly). I have several groups which have access to archiva and everybody of some of this groups (2 or 3) should have access. Is a more-than-one-group configuration possible with user-filter parameter or could you add the functionality to redback (or archiva ) Thanks
        Hide
        Brett Porter added a comment -

        Thomas - please create a new issue for this.

        Show
        Brett Porter added a comment - Thomas - please create a new issue for this.
        Hide
        roger xia added a comment -

        Any new issue created for this? I met with the same requirement.

        It is not a good idea to enable group authentication through user-filter, because it depends on the schema of LDAP storage, we can use memberOf on user entry or use member on group entry, so it might be a good solution to provide a new filter for group.

        Any comments?

        Show
        roger xia added a comment - Any new issue created for this? I met with the same requirement. It is not a good idea to enable group authentication through user-filter, because it depends on the schema of LDAP storage, we can use memberOf on user entry or use member on group entry, so it might be a good solution to provide a new filter for group. Any comments?

          People

          • Assignee:
            Emmanuel Venisse
            Reporter:
            Sverre Marvik
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: