On 08/19/2014 03:52 AM, Ian wrote:
> I really don't want my entire organization to be able to log into my
> Review Board server, I only want to allow a few LDAP groups to connect.
>  Is there any way to set up Review Board to do that?  The "Custom LDAP
> User Search Filter:" looks like a possibility, or maybe there's some
> magic to be done in the "LDAP Base DN"?

Restricting access by LDAP group is a complicated topic (and something
that's not yet implemented in Review Board). There may be some shortcuts
depending on how your LDAP environment is implemented, though. (For
example, with Active Directory or FreeIPA, users have
automatically-added attributes that can be used to determine whether
they are members of a particular group). For a purely generic LDAP
environment, this would require significant coding effort to accomplish.

If you are using AD or FreeIPA as your LDAP environment, I can help you
figure out what to put in the Custom LDAP User Search Filter. If you're
using a custom environment, your better bet is to ask your LDAP admin to
add a new attribute on the users that are allowed to access ReviewBoard
which you can key off of.

Of course, the other question is whether denying access completely is
worthwhile vs allowing anyone to log in but using Review Board's own
authorization system to determine who can see individual repo reviews.
But IIRC that means managing the groups separately on the Review Board
side (since right now it can't automatically retrieve LDAP groups).

Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
Happy user? Let us know at http://www.reviewboard.org/users/
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to