On Tuesday, August 19, 2014 4:39:04 AM UTC-7, Stephen Gallagher wrote:
> On 08/19/2014 03:52 AM, Ian wrote:
> > I really don't want my entire organization to be able to log into my
> > Review Board server, I only want to allow a few LDAP groups to connect.
> > Is there any way to set up Review Board to do that? The "Custom LDAP
> > User Search Filter:" looks like a possibility, or maybe there's some
> > magic to be done in the "LDAP Base DN"?
> Restricting access by LDAP group is a complicated topic (and something
> that's not yet implemented in Review Board). There may be some shortcuts
> depending on how your LDAP environment is implemented, though. (For
> example, with Active Directory or FreeIPA, users have
> automatically-added attributes that can be used to determine whether
> they are members of a particular group). For a purely generic LDAP
> environment, this would require significant coding effort to accomplish.
> If you are using AD or FreeIPA as your LDAP environment, I can help you
> figure out what to put in the Custom LDAP User Search Filter. If you're
> using a custom environment, your better bet is to ask your LDAP admin to
> add a new attribute on the users that are allowed to access ReviewBoard
> which you can key off of.
> Of course, the other question is whether denying access completely is
> worthwhile vs allowing anyone to log in but using Review Board's own
> authorization system to determine who can see individual repo reviews.
> But IIRC that means managing the groups separately on the Review Board
> side (since right now it can't automatically retrieve LDAP groups).
The main motivation is that search doesn't work if you use review-groups
thing in Review Board. But also it's a pain to keep my review groups on
Review Board in sync with the LDAP groups. I believe our organization uses
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
Happy user? Let us know at http://www.reviewboard.org/users/
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.