Hi I'm catching up on the workload, so I'll try to tackle this issue sooner. issue logged as : http://jira.public.thoughtworks.org/browse/CCNET-1986
with kind regards Ruben Willems On Mon, Nov 15, 2010 at 5:49 PM, Andy Levy <[email protected]> wrote: > On Mon, Oct 11, 2010 at 11:16, Andy Levy <[email protected]> wrote: > > I'm trying to set up project-level security on multiple servers, using > > LDAP for the user authentication. For testing purposes, I have 3 > > servers (I'll just call them A, B & C). A & B are configured for > > project security using LDAP, C has no security. I've had two issues so > > far that are stopping me: > > > > 1) It seems like I can only be authenticated to one server at a time, > > either via the web Dashboard or CCTray. I open up the Dashboard and > > see the projects on server C, all is well. I click on server A and see > > nothing. Then I log in using my LDAP credentials, and I can see the > > projects on A & C, but not B. If I attempt to Force a build, I get the > > following error:"Request processing has failed on the remote server: > > Permission to execute 'ViewProject' has been denied." > > > > If I log out, then go to server B & log in, I can then see B & C, but not > A. > > > > 2) In CCTray, I've configured the server connections to authenticate > > via WinLogin (both the servers and my workstation are on the same > > Active Directory domain) for servers A & B. Server C's project (no > > security) shows up just fine, but I get "Error: Project <name> not > > found on server" on server B. Server A's projects are listed, but when > > I attempt to force a build, I get the following error: > > > > An unexpected error has occurred while trying to force build > > Request processing has failed on the remote server: > > Permission to execute 'ViewProject' has been denied. > > > > When I attempt to force a build on server B, I get the following: > > > > An unexpected error has occurred while trying to force build > > Request processing has failed on the remote server: > > The session token is either invalid or is for a session that has expired. > > > > My ccnet.config sections: > > > > Server-level (directly below the root node): > > > > <internalSecurity> > > <users> > > <ldapUser name="MY_USER_ID" domain="OURDOMAIN"/> > > </users> > > <permissions> > > <rolePermission name="Developers" > forceBuild="Allow" startProject="Allow"> > > <users> > > <userName name="MY_USER_ID"/> > > </users> > > </rolePermission> > > <rolePermission name="Releasers" > forceBuild="Allow" startProject="Allow"> > > </rolePermission> > > </permissions> > > </internalSecurity> > > > > Project config: > > <security type="defaultProjectSecurity"> > > <permissions> > > <rolePermission name="Developers" > ref="Developers"/> > > <rolePermission name="Releasers" > ref="Releasers"/> > > </permissions> > > </security> > > > > I've tried to follow the examples in the documentation but I must be > > missing something obvious here. I would suspect the Dashboard > > configuration, but I get similar behavior with CCTray so I'm looking > > at the common denominator - the project/server configs. > > > > I hate to just bump a thread but I'm about to pull the trigger on > locking most of my projects down, and it would really be nice if I > could have my security such that my release managers can see > *everything* they have permission to release in one view, and all the > developers be able to actually see the status of all their builds. > Security just doesn't seem to work right as described above. Any ideas > at all where I've gone wrong? >
