Posted to dev@archiva.apache.org by Olivier Lamy <ol...@apache.org> on 2013/01/02 16:03:58 UTC

Re: Releasing 1.4-M4

So finally I will implement that for 1.4-M4 :-)
That sounds to be a nice feature to have.
The idea will be to add some configuration mapping between ldap group
and archiva/redback roles.

2012/12/21 Olivier Lamy <ol...@apache.org>:
> 2012/12/21 Brett Porter <br...@apache.org>:
>>
>> On 21/12/2012, at 7:39 PM, Olivier Lamy <ol...@apache.org> wrote:
>>
>>> Note something I'd like to add is to be able to use only ldap
>>> (including for roles).
>>> But probably not yet for this release, I have to think which ldap
>>> attributes to use for role mapping (and a couple of other things :-)
>>> ).
>>> Such feature makes sense ?
>>
>> I'm not sure you'll get the granularity of the resources/permissions that you want without overly-polluting LDAP or unless you limit it to the global roles.
>>
>> Probably the better way to approach it is to add support for groups (mapped onto LDAP) that can be assigned to roles (still stored in Archiva/Redback).
>
> Sounds good to do such mapping.
> But for next release :-)
>
>>
>> - Brett
>>
>> --
>> Brett Porter
>> brett@apache.org
>> http://brettporter.wordpress.com/
>> http://au.linkedin.com/in/brettporter
>> http://twitter.com/brettporter
>>
>>
>>
>>
>>
>
>
>
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy



-- 
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy

Re: Releasing 1.4-M4

Posted by Olivier Lamy <ol...@apache.org>.
Apologies for the delay (some other stuff to do recently).
Most of the ldap mapping is implemented (ldap group -> n archiva roles).
It can be done via the file security.properties (see
http://archiva.apache.org/redback/configuration.html )

ldap.config.groups.class= object class for groups (default: groupOfUniqueNames)
ldap.config.groups.base.dn= basedn for groups, dn with list of groups ( dc=archiva,dc=apache,dc=org ) (if empty default will be ldap.config.base.dn)
ldap.config.groups.role.*(ldap group)=*(roles) (mapping ldap group - redback roles comma separated) (example: ldap.config.groups.role.archiva-admin=Archiva System Administrator, Foo)
ldap.config.writable=true/false will write data to ldap (default false)
ldap.config.groups.use.rolename=true/false will create groups in ldap with default role if no group-role mapping found (default false)
ldap.config.user.attribute= attribute name to use for user (default uid=)

Note the new ldap.config.writable: this means it is possible to activate
writes to ldap (for group creation and users).

Now (I hope in the coming days) I will add a ui screen to map groups to n roles.

I'd like to add some changes (but probably for a next release). This
means being able to fully remove the database use, as currently the
roles/permissions (redback model) still need a database.

Any comments are welcome :-)


2013/1/2 Olivier Lamy <ol...@apache.org>:
> So finally I will implement that for 1.4-M4 :-)
> That sounds to be a nice feature to have.
> The idea will be to add some configuration mapping between ldap group
> and archiva/redback roles.
>
> 2012/12/21 Olivier Lamy <ol...@apache.org>:
>> 2012/12/21 Brett Porter <br...@apache.org>:
>>>
>>> On 21/12/2012, at 7:39 PM, Olivier Lamy <ol...@apache.org> wrote:
>>>
>>>> Note something I'd like to add is to be able to use only ldap
>>>> (including for roles).
>>>> But probably not yet for this release, I have to think which ldap
>>>> attributes to use for role mapping (and a couple of other things :-)
>>>> ).
>>>> Such feature makes sense ?
>>>
>>> I'm not sure you'll get the granularity of the resources/permissions that you want without overly-polluting LDAP or unless you limit it to the global roles.
>>>
>>> Probably the better way to approach it is to add support for groups (mapped onto LDAP) that can be assigned to roles (still stored in Archiva/Redback).
>>
>> Sounds good to do such mapping.
>> But for next release :-)
>>
>>>
>>> - Brett
>>>
>>> --
>>> Brett Porter
>>> brett@apache.org
>>> http://brettporter.wordpress.com/
>>> http://au.linkedin.com/in/brettporter
>>> http://twitter.com/brettporter
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Olivier Lamy
>> Talend: http://coders.talend.com
>> http://twitter.com/olamy | http://linkedin.com/in/olamy
>
>
>
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy



-- 
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy
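
An added example, not part of the original messages or of the Archiva/Redback code: a small Python audit of a security.properties file that uses the keys listed in the message above, resolves LDAP groups to roles, and flags settings worth a review. The sample file contents, the function names, and the rule that an unmapped group grants no roles are assumptions of this example.

```python
PREFIX = "ldap.config.groups.role."  # key prefix from the message above

# Constructed sample security.properties content (not a real deployment).
SAMPLE = """\
ldap.config.groups.base.dn=dc=archiva,dc=apache,dc=org
ldap.config.groups.role.archiva-admin=Archiva System Administrator, Foo
ldap.config.groups.role.developers=Foo
ldap.config.writable=true
ldap.config.groups.use.rolename=false
"""

def parse_properties(text):
    """Minimal key=value parser: skips blanks and #/! comments, splits on first '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def group_role_map(props):
    """Return {ldap group: [roles]} from ldap.config.groups.role.<group> keys."""
    return {k[len(PREFIX):]: [r.strip() for r in v.split(",") if r.strip()]
            for k, v in props.items() if k.startswith(PREFIX)}

def roles_for(user_groups, mapping):
    """Union of mapped roles; assumption: an unmapped group grants nothing."""
    return sorted({r for g in user_groups for r in mapping.get(g, [])})

def audit(props, admin_role="Archiva System Administrator"):
    """Return review findings for write access and admin-granting groups."""
    findings = []
    if props.get("ldap.config.writable", "false").lower() == "true":
        findings.append("ldap.config.writable=true: users/groups are written to LDAP")
    if props.get("ldap.config.groups.use.rolename", "false").lower() == "true":
        findings.append("ldap.config.groups.use.rolename=true: groups created in LDAP for unmapped roles")
    for group, roles in sorted(group_role_map(props).items()):
        if admin_role in roles:
            findings.append(f"LDAP group '{group}' grants {admin_role}")
    return findings

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(roles_for(["developers", "unknown"], group_role_map(props)))
    for finding in audit(props):
        print("REVIEW:", finding)
```

The parser splits on the first `=` only, so a DN value such as `dc=archiva,dc=apache,dc=org` stays intact; it does not handle the `:` separator or line continuations that Java properties files also allow.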