[om-infra] sso - custom username support is working now
Robert Xu
robxu9 at gmail.com
Fri Jan 22 13:10:42 EST 2016
Oh, guess not - where are the rules declared for manager access, though?
I can't find them..
On 22 January 2016 at 12:58, Jean-Claude Vanier <jclvanier at gmail.com> wrote:
> I don't understand. Who, beside the admins, can access the manager, curently ?
>
> 2016-01-22 18:48 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>> Umm... So I just checked - I think we're only checking if we're
>> authenticated, and if so, we're allowing everyone access to the
>> manager.
>>
>> I think we should probably set some rule or something..
>>
>> On 22 January 2016 at 12:34, Jean-Claude Vanier <jclvanier at gmail.com> wrote:
>>> I'm not sure we can do it with lemonldap as a general rule. But it's
>>> easy with phpldapadmin.
>>> Btw, I have reorganized the bbw pages about SSO stuffs.
>>>
>>> 2016-01-22 17:56 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>>> I forget how lemonldap determines who is an admin and who isn't..
>>>>
>>>> On 22 Jan 2016 10:35, "Jean-Claude Vanier" <jclvanier at gmail.com> wrote:
>>>>>
>>>>> On one hand, even if manager has a dns set, a non logged user
>>>>> attempting to open it is redirected to auth and a logged user without
>>>>> admin permission get a frightening black page.
>>>>> On the other hand, manager will be seldom used, so a simple record in
>>>>> one's /etc/host can be enough.
>>>>> I have no strong opinion on this matter.
>>>>>
>>>>> 2016-01-22 15:27 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>>>> > Careful - we don't want anyone accessing the manager; only those who are
>>>>> > proxied into Jasper or Ruby.
>
> _______________________________________________
> OM-Infra mailing list
> OM-Infra at ml.openmandriva.org
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
--
cheers, Robert :: github.com/robxu9
More information about the OM-Infra
mailing list