[om-infra] sso - custom username support is working now

Robert Xu robxu9 at gmail.com
Sat Jan 23 12:08:15 EST 2016


Should we clear Discourse for this? Or just roll with it?

Let's try having a dedicated time and date to switch systems over so that
we can do it all at once.

Robert
On 22 Jan 2016 17:31, "Jean-Claude Vanier" <jclvanier at gmail.com> wrote:

> There is a dedicated LemonLdap page on the bbw ...
> I think we can try to connect discourse to the SSO system now.
>
>
> 2016-01-22 22:22 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> > Oh. I see it now - okay. We should document that somewhere...
> >
> > Looks like we're more or less all set?
> >
> > On 22 January 2016 at 14:38, Jean-Claude Vanier <jclvanier at gmail.com>
> wrote:
> >> I guess here: "virtual hosts/manager.openmandriva.org/rules/default"
> >>
> >> 2016-01-22 19:10 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> >>> Oh, guess not - where are the rules declared for manager access,
> though?
> >>> I can't find them..
> >>>
> >>> On 22 January 2016 at 12:58, Jean-Claude Vanier <jclvanier at gmail.com>
> wrote:
> >>>> I don't understand. Who, beside the admins, can access the manager,
> curently ?
> >>>>
> >>>> 2016-01-22 18:48 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> >>>>> Umm... So I just checked - I think we're only checking if we're
> >>>>> authenticated, and if so, we're allowing everyone access to the
> >>>>> manager.
> >>>>>
> >>>>> I think we should probably set some rule or something..
> >>>>>
> >>>>> On 22 January 2016 at 12:34, Jean-Claude Vanier <jclvanier at gmail.com>
> wrote:
> >>>>>> I'm not sure we can do it with lemonldap as a general rule. But it's
> >>>>>> easy with phpldapadmin.
> >>>>>> Btw, I have reorganized the bbw pages about SSO stuffs.
> >>>>>>
> >>>>>> 2016-01-22 17:56 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> >>>>>>> I forget how lemonldap determines who is an admin and who isn't..
> >>>>>>>
> >>>>>>> On 22 Jan 2016 10:35, "Jean-Claude Vanier" <jclvanier at gmail.com>
> wrote:
> >>>>>>>>
> >>>>>>>> On one hand, even if manager has a dns set, a non logged user
> >>>>>>>> attempting to open it is redirected to auth and a logged user
> without
> >>>>>>>> admin permission get a frightening black page.
> >>>>>>>> On the other hand, manager will be seldom used, so a simple
> record in
> >>>>>>>> one's /etc/host can be enough.
> >>>>>>>> I have no strong opinion on this matter.
> >>>>>>>>
> >>>>>>>> 2016-01-22 15:27 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> >>>>>>>> > Careful - we don't want anyone accessing the manager; only
> those who are
> >>>>>>>> > proxied into Jasper or Ruby.
> >>>>
> >>>> _______________________________________________
> >>>> OM-Infra mailing list
> >>>> OM-Infra at ml.openmandriva.org
> >>>>
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
> >>>
> >>>
> >>>
> >>> --
> >>> cheers, Robert :: github.com/robxu9
> >>>
> >>> _______________________________________________
> >>> OM-Infra mailing list
> >>> OM-Infra at ml.openmandriva.org
> >>>
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
> >>
> >> _______________________________________________
> >> OM-Infra mailing list
> >> OM-Infra at ml.openmandriva.org
> >>
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
> >
> >
> >
> > --
> > cheers, Robert :: github.com/robxu9
> >
> > _______________________________________________
> > OM-Infra mailing list
> > OM-Infra at ml.openmandriva.org
> > http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>
> _______________________________________________
> OM-Infra mailing list
> OM-Infra at ml.openmandriva.org
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ml.openmandriva.org/mailman/private/om-infra_ml.openmandriva.org/attachments/20160123/47746ace/attachment.html>


More information about the OM-Infra mailing list