Sonar Plugins

Group mapping for roles

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: LDAP-1.1
  • Component/s: LDAP
  • Labels:
    None
  • Number of attachments :
    0

Description

It would be really nice for Sonar administrators to be able to define mappings between LDAP groups and Sonar roles. This would avoid a lot of manual configuration.

See for instance http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication

Issue Links

depends upon

New Feature - A new feature of the product, which has yet to be developed. SONAR-2292 Design groups management for a better extensibility

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.
is duplicated by

New Feature - A new feature of the product, which has yet to be developed. SONAR-2993 Possibility to use Active Directory Groups when we use Active Directory authentication in sonar

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Improvement - An improvement or enhancement to an existing feature or task. SONARPLUGINS-998 LDAP Plugin - Group Mapping Extension

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Evgeny Mandrikov added a comment -

Hi,

Currently it's impossible to implement, because Sonar core doesn't provide extension for it.
But this is a good proposal indeed. I think we can implement it, when we will improve security in Sonar core.

Show
Evgeny Mandrikov added a comment - Hi, Currently it's impossible to implement, because Sonar core doesn't provide extension for it. But this is a good proposal indeed. I think we can implement it, when we will improve security in Sonar core.
Hide
Permalink
Thomas added a comment -

+1.. Please

Show
Thomas added a comment - +1.. Please
Hide
Permalink
Jan Labrie added a comment -

+1 .. Please

Show
Jan Labrie added a comment - +1 .. Please
Hide
Permalink
Arnaud Heritier added a comment -

Could be useful too to use Groups from a 3rd party IDP like Crowd

Show
Arnaud Heritier added a comment - Could be useful too to use Groups from a 3rd party IDP like Crowd
Hide
Permalink
Arnaud Heritier added a comment -

Requires SONAR-2292

Show
Arnaud Heritier added a comment - Requires SONAR-2292
Hide
Permalink
Freddy Mallet added a comment -

Do you agree that the main idea here is to automatically synchronize the users/groups links between sonar and the ldap server ? This synchronization mechanism could occur automatically each time a user logs in.

Show
Freddy Mallet added a comment - Do you agree that the main idea here is to automatically synchronize the users/groups links between sonar and the ldap server ? This synchronization mechanism could occur automatically each time a user logs in.
Hide
Permalink
cforce added a comment - - edited

If you snyc groups from ldap to sonar you must offer mightful filter mechanisam to keep away of perfoemance issues and to mayn groups in sonat you never will need.

Better would be if you can create a sonar group in sonar which must have the same name as the ldap group, and then later sync users from ldap into this group if they login (already registered) or newly register). That if a user logs in/registers and has ldap group membership in a group which is created by admin in sonar before the user will be added to that sonar group.

Show
cforce added a comment - - edited If you snyc groups from ldap to sonar you must offer mightful filter mechanisam to keep away of perfoemance issues and to mayn groups in sonat you never will need. Better would be if you can create a sonar group in sonar which must have the same name as the ldap group, and then later sync users from ldap into this group if they login (already registered) or newly register). That if a user logs in/registers and has ldap group membership in a group which is created by admin in sonar before the user will be added to that sonar group.
Hide
Permalink
Freddy Mallet added a comment -

That's exactly what I was thinking about. Thanks for your feedback!

Show
Freddy Mallet added a comment - That's exactly what I was thinking about. Thanks for your feedback!
Hide
Permalink
Fabrice Daugan added a comment - - edited

I think the nexus way would be a good solution. It uses a naming convention.
See http://www.sonatype.com/books/nexus-book/reference/ldap-sect-mapping-roles-ldap.html

Show
Fabrice Daugan added a comment - - edited I think the nexus way would be a good solution. It uses a naming convention. See http://www.sonatype.com/books/nexus-book/reference/ldap-sect-mapping-roles-ldap.html
Hide
Permalink
Alexandre Navarro added a comment -

+1

Show
Alexandre Navarro added a comment - +1
Hide
Permalink
fabrice added a comment - - edited

I succeed in filtering by user group by hacking configuration file :

In place of ldap.userObjectClass:user
I put :
ldap.userObjectClass:user)(memberof=CN=sonar_users,CN=Users,DC=MY_COMPANY,DC=local

The request generated is :
(&(objectClass="user")(memberof="CN=sonar_users,CN=Users,DC=MY_COMPANY,DC=local")(SAMAccountName=myaccount))

it allow me to configure my sonar to create automatically users from a success Active directory authentification. Users allowed are in the AD sonar_users group

Show
fabrice added a comment - - edited I succeed in filtering by user group by hacking configuration file : In place of ldap.userObjectClass:user I put : ldap.userObjectClass:user)(memberof=CN=sonar_users,CN=Users,DC=MY_COMPANY,DC=local The request generated is : (&(objectClass="user")(memberof="CN=sonar_users,CN=Users,DC=MY_COMPANY,DC=local")(SAMAccountName=myaccount)) it allow me to configure my sonar to create automatically users from a success Active directory authentification. Users allowed are in the AD sonar_users group
Hide
Permalink
Eddie Webb added a comment -

Is this also fixed fro crowd?
http://sonar.15.n6.nabble.com/sonar-dev-Support-for-groups-from-Crowd-td4526492.html
"In a better world should be a dedicated ticket in Sonar Core and another one for Crowd Plugin, but I think that now it's ok to aggregate votes in LDAP Plugin."

Show
Eddie Webb added a comment - Is this also fixed fro crowd? http://sonar.15.n6.nabble.com/sonar-dev-Support-for-groups-from-Crowd-td4526492.html "In a better world should be a dedicated ticket in Sonar Core and another one for Crowd Plugin, but I think that now it's ok to aggregate votes in LDAP Plugin."
Hide
Permalink
Eddie Webb added a comment -

I see that http://jira.codehaus.org/browse/SONARPLUGINS-1046 is now trakcing Crowd group support separately, and have cast my vote there.

Show
Eddie Webb added a comment - I see that http://jira.codehaus.org/browse/SONARPLUGINS-1046 is now trakcing Crowd group support separately, and have cast my vote there.

People

  • Assignee:
    Evgeny Mandrikov
    Reporter:
    Vincent Latombe
Vote (19)
Watch (12)

Dates

  • Created:
    Updated:
    Resolved: