Re: Assigning Role to Group
Zakharov Alexey <alexey.zakharov@...>
Are there any plans to implement ORGs to LDAP groups binding later?
When I list group mappings, I can see a default mapping, which forces me to think you are planning to do something like that:

    $ uaac group mappings
    resources:
      - organizations.acme: cn=test_org,ou=people,o=springsource,o=org

---
Alexey Zakharov | CloudFoundry Team | Altoros
Tel: (617) 841-2121 ext. 5704 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: alexey.zakharov.a
www.altoros.com | blog.altoros.com | twitter.com/altoros

On Jul 22, 2015, at 18:05, Filip Hanik <fhanik(a)pivotal.io> wrote:
To elaborate a bit more, at this time the cloud controller maintains its own roles and ACLs in the CC database.

Filip

On Wednesday, July 22, 2015, Sree Tummidi <stummidi(a)pivotal.io> wrote:

This support is not yet available

Thanks,
Sree

Sent from my iPad

On Jul 22, 2015, at 4:35 AM, Daniel Mikusa <dmikusa(a)pivotal.io> wrote:

On Wed, Jul 22, 2015 at 3:27 AM, Zakharov Alexey <alexey.zakharov(a)altoros.com> wrote:

Hi guys!

Have you looked at the `uaac` tool? I'm not quite sure I understand what you're trying to do, but you can map an LDAP group DN to a UAA group with `uaac`. Then if a user in that LDAP group logs in, they'll have that uaa group. Is that what you're looking to do?

Ex:

    uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"

Or are you asking about mapping LDAP groups to CF org & space roles? i.e. user in ldap group X is automatically given the OrgManager role in org Y.

Dan

Hi Dan!

Yes, as I’ve stated before, I’ve already managed to configure group mappings using ‘uaac group map’. And now I want to bind group members to Organizations and Spaces. Is it possible to do?

Sorry, missed that in your original post. Last I heard no you couldn't do this mapping, but that was a while ago though. Maybe someone on the Identity team could confirm.

Dan

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev