I'm trying to set up project-level security on multiple servers, using
LDAP for the user authentication. For testing purposes, I have 3
servers (I'll just call them A, B & C). A & B are configured for
project security using LDAP, C has no security. I've had two issues so
far that are stopping me:
1) It seems like I can only be authenticated to one server at a time,
either via the web Dashboard or CCTray. I open up the Dashboard and
see the projects on server C, all is well. I click on server A and see
nothing. Then I log in using my LDAP credentials, and I can see the
projects on A & C, but not B. If I attempt to Force a build, I get the
following error:"Request processing has failed on the remote server:
Permission to execute 'ViewProject' has been denied."
If I log out, then go to server B & log in, I can then see B & C, but not A.
2) In CCTray, I've configured the server connections to authenticate
via WinLogin (both the servers and my workstation are on the same
Active Directory domain) for servers A & B. Server C's project (no
security) shows up just fine, but I get "Error: Project <name> not
found on server" on server B. Server A's projects are listed, but when
I attempt to force a build, I get the following error:
An unexpected error has occurred while trying to force build
Request processing has failed on the remote server:
Permission to execute 'ViewProject' has been denied.
When I attempt to force a build on server B, I get the following:
An unexpected error has occurred while trying to force build
Request processing has failed on the remote server:
The session token is either invalid or is for a session that has expired.
My ccnet.config sections:
Server-level (directly below the root node):
<internalSecurity>
<users>
<ldapUser name="MY_USER_ID" domain="OURDOMAIN"/>
</users>
<permissions>
<rolePermission name="Developers" forceBuild="Allow"
startProject="Allow">
<users>
<userName name="MY_USER_ID"/>
</users>
</rolePermission>
<rolePermission name="Releasers" forceBuild="Allow"
startProject="Allow">
</rolePermission>
</permissions>
</internalSecurity>
Project config:
<security type="defaultProjectSecurity">
<permissions>
<rolePermission name="Developers"
ref="Developers"/>
<rolePermission name="Releasers"
ref="Releasers"/>
</permissions>
</security>
I've tried to follow the examples in the documentation but I must be
missing something obvious here. I would suspect the Dashboard
configuration, but I get similar behavior with CCTray so I'm looking
at the common denominator - the project/server configs.
