Looks good, I'll have to try it out here. Thanks Olivier! -Deng
On Wed, Feb 6, 2013 at 7:01 PM, Olivier Lamy <[email protected]> wrote: > Apologize for delay (some other stuff to do recently) > Most of ldap mapping is implemented ( ldap group -> n archiva roles). > Can be done via file security.properties (see > http://archiva.apache.org/redback/configuration.html ) > > ldap.config.groups.class= object class for groups (default: > groupOfUniqueNames) > ldap.config.groups.base.dn= basedn for groups, dn with list of groups > ( dc=archiva,dc=apache,dc=org ) (if empty default will be > ldap.config.base.dn) > ldap.config.groups.role.*(ldap group)=*(roles) (mapping ldap group - > redback roles comma separated) (example: > ldap.config.groups.role.archiva-admin=Archiva System Administrator, > Foo) > ldap.config.writable=true/false will write datas to ldap (default false) > ldap.config.groups.use.rolename=true/false will create groups in ldap > with default role if no group-role mapping found (default false) > ldap.config.user.attribute= attribute name to use for user (default uid=) > > Note the new ldap.config.writable this mean is possible to activate > write to ldap (for groups creation and users) > > Now (I hope in the coming days) I will add a ui screen to map groups to n > roles. > > I'd like to add some changes (but probably for a next release). This > means be able to fully remove the database use as currently the > roles/permissions (redback model) still need a database. > > Any comments are welcome :-) > > > 2013/1/2 Olivier Lamy <[email protected]>: > > So finally I will implement that for 1.4-M4 :-) > > That sounds to be a nice feature to have. > > The idea will be to add some configuration mapping between ldap group > > and archiva/redback roles. > > > > 2012/12/21 Olivier Lamy <[email protected]>: > >> 2012/12/21 Brett Porter <[email protected]>: > >>> > >>> On 21/12/2012, at 7:39 PM, Olivier Lamy <[email protected]> wrote: > >>> > >>>> Note something I'd like to add is to be able to use only ldap > >>>> (including for roles). > >>>> But probably not yet for this release, I have to think which ldap > >>>> attributes to use for role mapping (and a couple of other things :-) > >>>> ). > >>>> Such feature makes sense ? > >>> > >>> I'm not sure you'll get the granularity of the resources/permissions > that you want without overly-polluting LDAP or unless you limit it to the > global roles. > >>> > >>> Probably the better way to approach it is to add support for groups > (mapped onto LDAP) that can be assigned to roles (still stored in > Archiva/Redback). > >> > >> Sounds good to do such mapping. > >> But for next release :-) > >> > >>> > >>> - Brett > >>> > >>> -- > >>> Brett Porter > >>> [email protected] > >>> http://brettporter.wordpress.com/ > >>> http://au.linkedin.com/in/brettporter > >>> http://twitter.com/brettporter > >>> > >>> > >>> > >>> > >>> > >> > >> > >> > >> -- > >> Olivier Lamy > >> Talend: http://coders.talend.com > >> http://twitter.com/olamy | http://linkedin.com/in/olamy > > > > > > > > -- > > Olivier Lamy > > Talend: http://coders.talend.com > > http://twitter.com/olamy | http://linkedin.com/in/olamy > > > > -- > Olivier Lamy > Talend: http://coders.talend.com > http://twitter.com/olamy | http://linkedin.com/in/olamy > -- Maria Odea Ching | [email protected] | http://www.linkedin.com/in/oching
