On Wed, Jul 22, 2015 at 3:27 AM, Zakharov Alexey <alexey.zakharov(a)altoros.com> wrote:
> Hi guys!
> Sorry if my question is newbie or it was discussed before.
> I want to use LDAP for users authentication/authorisation. And I've
> successfully bound CF to LDAP, and managed to configure uaac group mappings.
> But then I realised that there is no way to assign a Role to that group.
> 'cf set-org-role' accepts only usernames as parameter, but not groups. I
> think assigning Developer role to group is more flexible than assigning it
> to every particular user.
> Are you going to add this feature later? Or maybe there is another way
> to do group binding?

Have you looked at the `uaac` tool? I'm not quite sure I understand what you're trying to do, but you can map an LDAP group DN to a UAA group with `uaac`. Then if a user in that LDAP group logs in, they'll have that UAA group. Is that what you're looking to do?
Ex:
uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"
Or are you asking about mapping LDAP groups to CF org & space roles? i.e. a user in LDAP group X is automatically given the OrgManager role in org Y.
Dan
Hi Dan!
Yes, as I’ve stated before, I’ve already managed to configure group mappings using ‘uaac group map’.
And now I want to bind group members to Organizations and Spaces. Is it possible to do?
Sorry, missed that in your original post. Last I heard, no, you couldn't do this mapping, but that was a while ago though. Maybe someone on the Identity team could confirm.