[om-infra] sso - custom username support is working now

Jean-Claude Vanier jclvanier at gmail.com
Fri Jan 22 17:30:36 EST 2016


There is a dedicated LemonLdap page on the bbw ...
I think we can try to connect discourse to the SSO system now.


2016-01-22 22:22 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> Oh. I see it now - okay. We should document that somewhere...
>
> Looks like we're more or less all set?
>
> On 22 January 2016 at 14:38, Jean-Claude Vanier <jclvanier at gmail.com> wrote:
>> I guess here: "virtual hosts/manager.openmandriva.org/rules/default"
>>
>> 2016-01-22 19:10 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>> Oh, guess not - where are the rules declared for manager access, though?
>>> I can't find them..
>>>
>>> On 22 January 2016 at 12:58, Jean-Claude Vanier <jclvanier at gmail.com> wrote:
>>>> I don't understand. Who, beside the admins, can access the manager, curently ?
>>>>
>>>> 2016-01-22 18:48 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>>>> Umm... So I just checked - I think we're only checking if we're
>>>>> authenticated, and if so, we're allowing everyone access to the
>>>>> manager.
>>>>>
>>>>> I think we should probably set some rule or something..
>>>>>
>>>>> On 22 January 2016 at 12:34, Jean-Claude Vanier <jclvanier at gmail.com> wrote:
>>>>>> I'm not sure we can do it with lemonldap as a general rule. But it's
>>>>>> easy with phpldapadmin.
>>>>>> Btw, I have reorganized the bbw pages about SSO stuffs.
>>>>>>
>>>>>> 2016-01-22 17:56 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>>>>>> I forget how lemonldap determines who is an admin and who isn't..
>>>>>>>
>>>>>>> On 22 Jan 2016 10:35, "Jean-Claude Vanier" <jclvanier at gmail.com> wrote:
>>>>>>>>
>>>>>>>> On one hand, even if manager has a dns set, a non logged user
>>>>>>>> attempting to open it is redirected to auth and a logged user without
>>>>>>>> admin permission get a frightening black page.
>>>>>>>> On the other hand, manager will be seldom used, so a simple record in
>>>>>>>> one's /etc/host can be enough.
>>>>>>>> I have no strong opinion on this matter.
>>>>>>>>
>>>>>>>> 2016-01-22 15:27 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>>>>>>> > Careful - we don't want anyone accessing the manager; only those who are
>>>>>>>> > proxied into Jasper or Ruby.
>>>>
>>>> _______________________________________________
>>>> OM-Infra mailing list
>>>> OM-Infra at ml.openmandriva.org
>>>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>>
>>>
>>>
>>> --
>>> cheers, Robert :: github.com/robxu9
>>>
>>> _______________________________________________
>>> OM-Infra mailing list
>>> OM-Infra at ml.openmandriva.org
>>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>> _______________________________________________
>> OM-Infra mailing list
>> OM-Infra at ml.openmandriva.org
>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>
>
>
> --
> cheers, Robert :: github.com/robxu9
>
> _______________________________________________
> OM-Infra mailing list
> OM-Infra at ml.openmandriva.org
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org



More information about the OM-Infra mailing list