On Mon, Oct 11, 2010 at 11:16, Andy Levy <[email protected]> wrote: > I'm trying to set up project-level security on multiple servers, using > LDAP for the user authentication. For testing purposes, I have 3 > servers (I'll just call them A, B & C). A & B are configured for > project security using LDAP, C has no security. I've had two issues so > far that are stopping me: > > 1) It seems like I can only be authenticated to one server at a time, > either via the web Dashboard or CCTray. I open up the Dashboard and > see the projects on server C, all is well. I click on server A and see > nothing. Then I log in using my LDAP credentials, and I can see the > projects on A & C, but not B. If I attempt to Force a build, I get the > following error:"Request processing has failed on the remote server: > Permission to execute 'ViewProject' has been denied." > > If I log out, then go to server B & log in, I can then see B & C, but not A. > > 2) In CCTray, I've configured the server connections to authenticate > via WinLogin (both the servers and my workstation are on the same > Active Directory domain) for servers A & B. Server C's project (no > security) shows up just fine, but I get "Error: Project <name> not > found on server" on server B. Server A's projects are listed, but when > I attempt to force a build, I get the following error: > > An unexpected error has occurred while trying to force build > Request processing has failed on the remote server: > Permission to execute 'ViewProject' has been denied. > > When I attempt to force a build on server B, I get the following: > > An unexpected error has occurred while trying to force build > Request processing has failed on the remote server: > The session token is either invalid or is for a session that has expired. > > My ccnet.config sections: > > Server-level (directly below the root node): > > <internalSecurity> > <users> > <ldapUser name="MY_USER_ID" domain="OURDOMAIN"/> > </users> > <permissions> > <rolePermission name="Developers" forceBuild="Allow" > startProject="Allow"> > <users> > <userName name="MY_USER_ID"/> > </users> > </rolePermission> > <rolePermission name="Releasers" forceBuild="Allow" > startProject="Allow"> > </rolePermission> > </permissions> > </internalSecurity> > > Project config: > <security type="defaultProjectSecurity"> > <permissions> > <rolePermission name="Developers" > ref="Developers"/> > <rolePermission name="Releasers" > ref="Releasers"/> > </permissions> > </security> > > I've tried to follow the examples in the documentation but I must be > missing something obvious here. I would suspect the Dashboard > configuration, but I get similar behavior with CCTray so I'm looking > at the common denominator - the project/server configs. >
I hate to just bump a thread but I'm about to pull the trigger on locking most of my projects down, and it would really be nice if I could have my security such that my release managers can see *everything* they have permission to release in one view, and all the developers be able to actually see the status of all their builds. Security just doesn't seem to work right as described above. Any ideas at all where I've gone wrong?
