Project

General

Profile

Actions

User story #9786

open

LDAP Group based Authorization

Added by Janos Mattyasovszky about 8 years ago. Updated about 1 year ago.

Status:
New
Priority:
N/A
Assignee:
-
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

User Authentication works very well with using LDAP as a provider.

However, if you want to manage the user roles in combination with LDAP Group, you will need to do nasty things, like generating the rudder-users.xml according to the groups you have by a cronjob, and restart the whole jetty process in order to re-read the file and allow/disallow user logins on change.

This does influence the node generation and the users working with Rudder, as you might have unexpected loss of your session if the cronjob interval is high enough (which you will probably want, since revoking an user's login permissions need to be propagated pretty fast).

It is not that hard to query if an user belongs to a set (or even nested) groups, and it would ease the authz process a lot.

Actions

Also available in: Atom PDF