Yes, we do plan on mapping ORG & Space Roles to Groups in LDAP or via SAML.
At this time, the only scope that can be mapped is cloud_controller.admin
as it's defined as an OAuth scope for Cloud Controller.
On Thu, Jul 23, 2015 at 5:48 AM, Zakharov Alexey <
Are there any plans to implement ORGs to LDAP groups binding later?
When I list group mappings, I can see a default mapping, which forces me
to think you are planning to do something like that:
$ uaac group mappings
Alexey Zakharov | CloudFoundry Team | Altoros
Tel: (617) 841-2121 ext. 5704 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: alexey.zakharov.a
www.altoros.com | blog.altoros.com | twitter.com/altoros
On Jul 22, 2015, at 18:05, Filip Hanik <fhanik(a)pivotal.io> wrote:
To elaborate a bit more, at this time the cloud controller maintains its
own roles and ACLs in the CC database.
On Wednesday, July 22, 2015, Sree Tummidi <stummidi(a)pivotal.io> wrote:
This support is not yet available
On Jul 22, 2015, at 4:35 AM, Daniel Mikusa <dmikusa(a)pivotal.io> wrote:
On Wed, Jul 22, 2015 at 3:27 AM, Zakharov Alexey <
> Hi guys! Sorry, missed that in your original post. Last I heard no you couldn't
> Sorry if my question is newbie or it was discussed before.
> I want to use LDAP for users authentication/authorisation. And I've
> successfully bound CF to LDAP, and managed to configure uaac group mappings.
> But then I realised that there is no way to assign a Role to that group.
> 'cf set-org-role' accepts only usernames as parameter, but not groups. I
> think assigning Developer role to group is more flexible than assigning it
> to every particular user.
> Are you going to add this feature later? Or maybe there is another way
> to do group binding?
Have you looked at the `uaac` tool? I'm not quite sure I understand what
you're trying to do, but you can map an LDAP group DN to a UAA group with
`uaac`. Then if a user in that LDAP group logs in, they'll have that uaa
group. Is that what you're looking to do?
uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"
Or are you asking about mapping LDAP groups to CF org & space roles? i.e.
user in ldap group X is automatically given the OrgManager role in org Y.
Yes, as I’ve stated before, I’ve already managed to configure group mappings using ‘uaac group map’.
And now I want to bind group members to Organizations and Spaces. Is it possible to do?
do this mapping, but that was a while ago though. Maybe someone on the
Identity team could confirm.
cf-dev mailing list