User story #9786

open

LDAP Group based Authorization

Added by Janos Mattyasovszky almost 8 years ago. Updated about 1 year ago.

Status: New
Priority: N/A
Assignee: -

Description

User authentication works very well when using LDAP as a provider.

However, if you want to manage the user roles in combination with LDAP groups, you will need to do nasty things, like generating the rudder-users.xml according to the groups you have by a cronjob, and restarting the whole jetty process in order to re-read the file and allow/disallow user logins on change.

This does influence the node generation and the users working with Rudder, as you might have unexpected loss of your session if the cronjob interval is high enough (which you will probably want, since revoking a user's login permissions needs to be propagated pretty fast).

It is not that hard to query if a user belongs to a set of (or even nested) groups, and it would ease the authz process a lot.
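The nested-group lookup requested above, as an added example (not code from Rudder or from the reporter): it resolves a user's direct and nested group memberships at check time and maps them to roles, so a revoked membership takes effect without regenerating a file or restarting a process. The directory contents, DNs and role names are constructed and hypothetical, and an in-memory dict stands in for the LDAP server.

```python
from collections import deque

# Constructed sample data: group DN -> DNs of its direct members.
# All DNs and role names below are hypothetical.
G = "ou=groups,dc=example,dc=org"
P = "ou=people,dc=example,dc=org"
GROUP_MEMBERS = {
    f"cn=rudder-admins,{G}": [f"cn=ops-leads,{G}"],
    f"cn=ops-leads,{G}": [f"uid=alice,{P}", f"cn=rudder-admins,{G}"],  # cycle
    f"cn=rudder-readers,{G}": [f"uid=bob,{P}", f"CN=Ops-Leads, {G}"],
}
GROUP_ROLES = {
    f"cn=rudder-admins,{G}": "administrator",
    f"cn=rudder-readers,{G}": "read_only",
}


def norm(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas.
    (Does not handle escaped commas inside attribute values.)"""
    return ",".join(part.strip() for part in dn.lower().split(","))


def groups_of(user_dn, group_members):
    """Return every group the user belongs to, directly or through nesting."""
    parents = {}
    for group, members in group_members.items():
        for member in members:
            parents.setdefault(norm(member), set()).add(norm(group))
    seen, queue = set(), deque([norm(user_dn)])
    while queue:
        for group in parents.get(queue.popleft(), ()):
            if group not in seen:  # guards against membership cycles
                seen.add(group)
                queue.append(group)
    return seen


def roles_for(user_dn, group_members, group_roles):
    """Roles granted via group membership; an empty set means no access."""
    groups = groups_of(user_dn, group_members)
    return {role for dn, role in group_roles.items() if norm(dn) in groups}


if __name__ == "__main__":
    for uid in ("alice", "bob", "carol"):
        print(uid, sorted(roles_for(f"uid={uid},{P}", GROUP_MEMBERS, GROUP_ROLES)))
```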
