Re: Mapping ORGs and Space permissions via LDAP

Eric Malm
 

Hi, Mark,

The CF community engaged in a serious effort in this domain for much of last year, in the incubating CF Perm project (https://github.com/cloudfoundry-incubator/perm). In the course of that effort, that team and the CAPI team discovered that while it was easy to integrate Perm with the authorization model for Cloud Controller's v3 API endpoints, it was nearly impossible to do so systematically for the v2 endpoints because of the complexity of their authorization model in CC.

Consequently, the CF Perm project has effectively been on hiatus while the CAPI and CLI teams work through their v3 API acceleration effort to implement replacements for the remaining v2 API endpoints in v3. Those teams have also published some information about their progress towards v3 in recent cf-dev topics, such as CC API v3 Proposals and the CC API v2 Deprecation plan.

Best,
Eric Malm, CF Application Runtime PMC Lead

On Mon, Apr 1, 2019 at 10:21 AM Mark Coumounduros <mcoumounduros@...> wrote:

Hello Cloud Foundry:

Just checking back on whether there are ways to control access to org or spaces using UAA scopes (i.e., mapping LDAP Groups to Cloud Foundry Orgs and/or Spaces).

I last posted to the community back in Feb 2017 and am hoping this feature is now enabled for end users (or forthcoming).  Cheers!

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.