User story #9786
open
LDAP Group based Authorization
Added by Janos Mattyasovszky about 8 years ago.
Updated about 1 year ago.
Description
User Authentication works very well with using LDAP as a provider.
However, if you want to manage the user roles in combination with LDAP Group, you will need to do nasty things, like generating the rudder-users.xml
according to the groups you have by a cronjob, and restart the whole jetty process in order to re-read the file and allow/disallow user logins on change.
This does influence the node generation and the users working with Rudder, as you might have unexpected loss of your session if the cronjob interval is high enough (which you will probably want, since revoking an user's login permissions need to be propagated pretty fast).
It is not that hard to query if an user belongs to a set (or even nested) groups, and it would ease the authz process a lot.
- Category set to Web - Maintenance
- Target version set to 4.2.0~beta1
- Target version changed from 4.2.0~beta1 to 4.2.0~beta2
- Target version changed from 4.2.0~beta2 to 4.2.0~beta3
- Target version changed from 4.2.0~beta3 to 4.2.0~rc1
- Target version changed from 4.2.0~rc1 to 4.2.0~rc2
- Target version changed from 4.2.0~rc2 to 4.2.0
- Target version changed from 4.2.0 to 4.2.1
- Target version changed from 4.2.1 to 4.2.2
- Target version changed from 4.2.2 to 4.2.3
- Target version changed from 4.2.3 to 4.2.4
- Target version changed from 4.2.4 to Ideas (not version specific)
- Project changed from Rudder to Authentication backends
- Category deleted (
Web - Maintenance)
- Target version deleted (
Ideas (not version specific))
- Target version set to 7.2
- Target version changed from 7.2 to Ideas
Also available in: Atom
PDF