[studio] Allow LDAP users to be part of multiple sites #1424

Closed
alhambrav opened this Issue Oct 5, 2017 · 3 comments


alhambrav commented Oct 5, 2017

Studio allows the LDAP user to have multiple groups but not multiple sites.
Using Apache Directory Studio, I used an LDIF to set up the users. I have a user, Jane Doe, that I want to be part of two sites, myawesomesite and helloworld. The user also belongs to two groups, Admin and Editor.

dn: cn=Jane Doe,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jane Doe
sn: Doe
ou: Admin
ou: Editor
description: 19650324000000Z
employeeNumber: 8
givenName: Jane
mail: john@example.com
o: myawesomesite
o: helloworld
telephoneNumber: 169-637-3314
telephoneNumber: 907-547-9114
uid: jdoe
userPassword:: abc

Notice after logging in that the user only has access to the site myawesomesite

It did add the user jdoe to the Admin group, and it created a new group Editor

(I also noticed in the file DbWithLdapExtensionSecurityProvider.java that there's no loop for the siteIdAttrib and there is a loop for groupNameAttrib, although I did not look at it closely and there may be a loop for the siteId somewhere that I do not know=) )


dejan-brkic commented Oct 10, 2017

@sumerjabri We need to discuss this feature. If a user belongs to 2 or more different sites, there is no obvious relationship between groups and sites as LDAP attributes. Groups are just attribute values and we cannot know which site each group belongs to. Also, this is something very dependent on the LDAP schema and its implementation onsite.
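
An added example, not part of the original thread and not Crafter Studio's code: it contrasts a single read with a loop over a multi-valued LDAP attribute, using the JDK's JNDI classes on a constructed entry that carries the `o` and `ou` values from the LDIF above, and then prints the only site/group mapping such an entry can yield. That `o` holds sites and `ou` holds groups is an assumption taken from that LDIF; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class MultiValuedLdapAttributes {

    // Single read: returns one value only (null if the attribute is absent or empty).
    static String firstValue(Attributes attrs, String name) throws NamingException {
        Attribute attr = attrs.get(name);
        return (attr == null || attr.size() == 0) ? null : String.valueOf(attr.get());
    }

    // Loop: returns every value. LDAP does not guarantee value order, so callers
    // should not attach meaning to which value comes first.
    static List<String> allValues(Attributes attrs, String name) throws NamingException {
        List<String> values = new ArrayList<>();
        Attribute attr = attrs.get(name);
        if (attr == null) return values;
        NamingEnumeration<?> e = attr.getAll();
        while (e.hasMore()) {
            values.add(String.valueOf(e.next()));
        }
        e.close();
        return values;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry mirroring the "o" and "ou" values of the LDIF in this issue.
        Attributes entry = new BasicAttributes(true); // true = ignore attribute-name case
        Attribute sites = new BasicAttribute("o");
        sites.add("myawesomesite");
        sites.add("helloworld");
        Attribute groups = new BasicAttribute("ou");
        groups.add("Admin");
        groups.add("Editor");
        entry.put(sites);
        entry.put(groups);

        System.out.println("single read of o: " + firstValue(entry, "o"));
        System.out.println("all values of o:  " + allValues(entry, "o"));
        // The entry holds no site-to-group pairing, so the only mapping that can be
        // derived is every group on every site; check that this grant is intended.
        for (String site : allValues(entry, "o")) {
            for (String group : allValues(entry, "ou")) {
                System.out.println("grant: site=" + site + " group=" + group);
            }
        }
    }
}
```

With this entry the nested loop prints four grants, including Admin on helloworld, which is the ambiguity the comment above describes.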

dejan-brkic commented Oct 16, 2017

dejan-brkic moved this from Backlog to Completed in Crafter CMS v3.0.x Oct 16, 2017

dejan-brkic moved this from Completed to Test & Validate in Crafter CMS v3.0.x Oct 16, 2017

alhambrav commented Oct 17, 2017

Verified fixed.

alhambrav closed this Oct 17, 2017

alhambrav moved this from Test & Validate to Completed in Crafter CMS v3.0.x Oct 17, 2017
