[om-infra] sso - custom username support is working now
Jean-Claude Vanier
jclvanier at gmail.com
Fri Jan 22 12:58:34 EST 2016
I don't understand. Who, beside the admins, can access the manager, curently ?
2016-01-22 18:48 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> Umm... So I just checked - I think we're only checking if we're
> authenticated, and if so, we're allowing everyone access to the
> manager.
>
> I think we should probably set some rule or something..
>
> On 22 January 2016 at 12:34, Jean-Claude Vanier <jclvanier at gmail.com> wrote:
>> I'm not sure we can do it with lemonldap as a general rule. But it's
>> easy with phpldapadmin.
>> Btw, I have reorganized the bbw pages about SSO stuffs.
>>
>> 2016-01-22 17:56 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>> I forget how lemonldap determines who is an admin and who isn't..
>>>
>>> On 22 Jan 2016 10:35, "Jean-Claude Vanier" <jclvanier at gmail.com> wrote:
>>>>
>>>> On one hand, even if manager has a dns set, a non logged user
>>>> attempting to open it is redirected to auth and a logged user without
>>>> admin permission get a frightening black page.
>>>> On the other hand, manager will be seldom used, so a simple record in
>>>> one's /etc/host can be enough.
>>>> I have no strong opinion on this matter.
>>>>
>>>> 2016-01-22 15:27 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>>> > Careful - we don't want anyone accessing the manager; only those who are
>>>> > proxied into Jasper or Ruby.
More information about the OM-Infra
mailing list