On 08/19/2014 03:52 AM, Ian wrote:
> I really don't want my entire organization to be able to log into my
> Review Board server, I only want to allow a few LDAP groups to connect.
>  Is there any way to set up Review Board to do that?  The "Custom LDAP
> User Search Filter:" looks like a possibility, or maybe there's some
> magic to be done in the "LDAP Base DN"?
> 

Restricting access by LDAP group is a complicated topic (and something
that's not yet implemented in Review Board). There may be some shortcuts
depending on how your LDAP environment is implemented, though. (For
example, with Active Directory or FreeIPA, users have
automatically-added attributes that can be used to determine whether
they are members of a particular group.) For a purely generic LDAP
environment, this would require significant coding effort to accomplish.

If you are using AD or FreeIPA as your LDAP environment, I can help you
figure out what to put in the Custom LDAP User Search Filter. If you're
using a custom environment, your better bet is to ask your LDAP admin to
add a new attribute on the users that are allowed to access Review Board
which you can key off of.

Of course, the other question is whether denying access completely is
worthwhile vs allowing anyone to log in but using Review Board's own
authorization system to determine who can see individual repo reviews.
But IIRC that means managing the groups separately on the Review Board
side (since right now it can't automatically retrieve LDAP groups).

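An added example, not part of the original message and not Review Board's own code: one way to build a value for the "Custom LDAP User Search Filter" field that only matches users in a few groups. It assumes the automatically-added membership attribute is `memberOf` (as on Active Directory and FreeIPA) and that `%s` is the username placeholder the field expects; the function names and all DNs are constructed for illustration.

```python
# Added example: builds a value for the "Custom LDAP User Search Filter" field.
# Assumptions: membership is exposed as memberOf (AD, FreeIPA); "%s" is the
# username placeholder; every DN below is constructed.

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, which also follows nested groups.
AD_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_group_filter(user_attr, group_dns, nested=False, placeholder="%s"):
    """Return a filter that matches the login name only for members of group_dns."""
    if not group_dns:
        # An empty OR is not a valid filter; refuse rather than let everyone in.
        raise ValueError("at least one group DN is required")
    attr = "memberOf:%s:" % AD_IN_CHAIN if nested else "memberOf"
    clauses = ["(%s=%s)" % (attr, escape_filter_value(dn)) for dn in group_dns]
    groups = clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)
    return "(&(%s=%s)%s)" % (user_attr, placeholder, groups)


if __name__ == "__main__":
    allowed = [
        "cn=rb-users,cn=groups,cn=accounts,dc=example,dc=com",
        "cn=release (core),cn=groups,cn=accounts,dc=example,dc=com",
    ]
    # FreeIPA-style: direct membership in either group.
    print(build_group_filter("uid", allowed))
    # AD-style: also accept membership through nested groups.
    print(build_group_filter("sAMAccountName",
                             ["CN=RB Users,OU=Groups,DC=example,DC=com"],
                             nested=True))
```

Plain `memberOf` only reflects direct membership; the `nested=True` form relies on a matching rule that is specific to Active Directory.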