Re: Mapping ORGs and Space permissions via LDAP
Alexander Lomov <alexander.lomov@...>
Hey, Mark.
At the moment there is no way to control access to orgs or spaces using UAA scopes.
You can find the list of currently available UAA scopes here [1]. To control org or space access you need something like a zone id for the org or space, but I don’t know of a way to create such a binding right now. I suppose the feature development is in progress.
Since you added UAA-LDAP integration, you can log in with an LDAP user. After that you can control user access by CF roles [2], and this process does not involve UAA.
We also use the cf-mgmt tool [3] to automate LDAP user binding with orgs/spaces on some of our projects. You may find it useful.
[1] https://docs.cloudfoundry.org/concepts/architecture/uaa.html#scopes
[2] https://docs.cloudfoundry.org/concepts/roles.html
[3] https://github.com/pivotalservices/cf-mgmt
On Feb 18, 2017, at 6:19 PM, Mark Coumounduros <mcoumounduros(a)gmail.com> wrote: