On Tuesday, August 19, 2014 4:39:04 AM UTC-7, Stephen Gallagher wrote:
>
> On 08/19/2014 03:52 AM, Ian wrote: 
> > I really don't want my entire organization to be able to log into my 
> > Review Board server, I only want to allow a few LDAP groups to connect. 
> >  Is there any way to set up Review Board to do that?  The "Custom LDAP 
> > User Search Filter:" looks like a possibility, or maybe there's some 
> > magic to be done in the "LDAP Base DN"? 
> > 
>
> Restricting access by LDAP group is a complicated topic (and something 
> that's not yet implemented in Review Board). There may be some shortcuts 
> depending on how your LDAP environment is implemented, though. (For 
> example, with Active Directory or FreeIPA, users have 
> automatically-added attributes that can be used to determine whether 
> they are members of a particular group). For a purely generic LDAP 
> environment, this would require significant coding effort to accomplish. 
>
> If you are using AD or FreeIPA as your LDAP environment, I can help you 
> figure out what to put in the Custom LDAP User Search Filter. If you're 
> using a custom environment, your better bet is to ask your LDAP admin to 
> add a new attribute on the users that are allowed to access ReviewBoard 
> which you can key off of. 
>
> Of course, the other question is whether denying access completely is 
> worthwhile vs allowing anyone to log in but using Review Board's own 
> authorization system to determine who can see individual repo reviews. 
> But IIRC that means managing the groups separately on the Review Board 
> side (since right now it can't automatically retrieve LDAP groups). 
>
 
The main motivation is that search doesn't work if you use review-groups 
thing in Review Board.  But also it's a pain to keep my review groups on 
Review Board in sync with the LDAP groups.  I believe our organization uses 
OpenLDAP?

-- 
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
---
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
---
Happy user? Let us know at http://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to