We have numerous subversion servers in our organization, specifically so that we can have different access controls for each repo.

I'm trying to figure out if the way I'm thinking of deploying ReviewBoard even makes sense, and if it does, I've got some questions.


Specifically, we want to make sure that the people allowed to access a given repository in any way is just as restricted in reviewboard as it is in Subversion. For Subversion, each repository has a list of owners, and we generate the access control list for svn from those files.

For ReviewBoard, I'm planning to have a reviewboard configuration for each Subversion repository (a separate database, primarily), and different subsets of Apache configuration for each repository. Each reviewboard configuration needs to authenticate against LDAP, and prepopulate the list of users allowed for that review instance.

Does this make sense?  Is there a better way?

It looks like, to prepopulate users, I can write a script that will update the tables in MySQL. Is this a safe assumption?

How can I prevent people who have valid Active Directory credentials from logging in? It looks like the LDAP support in backends.py will automatically add users, but that's not what I want. Looks like the way to prevent that is to patch the LDAP auth already there so that it doesn't automatically create users. Is there some other way? Should I submit an enhancement to disallow automatic creation of accounts?

Thanks for any help/direction you can offer.

-Eric Johnson

--
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to