On Tuesday, August 19, 2014 4:39:04 AM UTC-7, Stephen Gallagher wrote: > > On 08/19/2014 03:52 AM, Ian wrote: > > I really don't want my entire organization to be able to log into my > > Review Board server, I only want to allow a few LDAP groups to connect. > > Is there any way to set up Review Board to do that? The "Custom LDAP > > User Search Filter:" looks like a possibility, or maybe there's some > > magic to be done in the "LDAP Base DN"? > > > > Restricting access by LDAP group is a complicated topic (and something > that's not yet implemented in Review Board). There may be some shortcuts > depending on how your LDAP environment is implemented, though. (For > example, with Active Directory or FreeIPA, users have > automatically-added attributes that can be used to determine whether > they are members of a particular group). For a purely generic LDAP > environment, this would require significant coding effort to accomplish. > > If you are using AD or FreeIPA as your LDAP environment, I can help you > figure out what to put in the Custom LDAP User Search Filter. If you're > using a custom environment, your better bet is to ask your LDAP admin to > add a new attribute on the users that are allowed to access ReviewBoard > which you can key off of. > > Of course, the other question is whether denying access completely is > worthwhile vs allowing anyone to log in but using Review Board's own > authorization system to determine who can see individual repo reviews. > But IIRC that means managing the groups separately on the Review Board > side (since right now it can't automatically retrieve LDAP groups). > The main motivation is that search doesn't work if you use review-groups thing in Review Board. But also it's a pain to keep my review groups on Review Board in sync with the LDAP groups. I believe our organization uses OpenLDAP?
-- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
