Hi,
I have configured ldap after your mail. But I couldn't able to login into
web dashboard. Please find the ldap configurations below. Could you please
tell me whats wrong with my configurations. is there anything to do before
writing this as machine level
<internalSecurity>
<audit>
<xmlFileAudit location="C:\Logs\CCNet_Audit.xml"/>
</audit>
<auditReader type="xmlFileAuditReader"
location="C:\Logs\CCNet_Audit.xml"/>
<users>
<ldapUser name="LokanaSM" domain="unisys.com"/>
<ldapUser name="RajaredM" domain="unisys.com"/>
<ldapUser name="RamakrVC" domain="unisys.com"/>
<ldapUser name="Kalavas" domain="unisys.com"/>
<ldapUser name="ChikkaG" domain="unisys.com"/>
</users>
<permissions>
<rolePermission name="Admin" defaultRight="Allow">
<users>
<userName name="LokanaSM"/>
<userName name="Kalavas"/>
</users>
</rolePermission>
<rolePermission name="LAS-Developers" forceBuild="Allow"
defaultRight="Deny">
<users>
<userName name="Kummarat"/>
<userName name="RamakrVC"/>
</users>
</rolePermission>
<rolePermission name="LAS-Admin" forceBuild="Allow" startProject="Allow"
defaultRight="Deny">
<users>
<userName name="RajaredM"/>
<userName name="ChikkaG"/>
</users>
</rolePermission>
</permissions>
</internalSecurity>
and project level security
<security type="defaultProjectSecurity" defaultRight="Deny">
<permissions>
<rolePermission name="LAS-Developers" ref="LAS-Developers"/>
<rolePermission name="LAS-Admin" ref="LAS-Admin"/>
<rolePermission name="Admin" ref="Admin"/>
</permissions>
</security>
On Thu, Jan 5, 2012 at 4:28 PM, Christopher <[email protected]> wrote:
> Hi,
>
> I have set up authentication in CC.NET <http://cc.net/> 1.6 using
> ldapUsers and this
> works. Users can login on the dashboard with their active directory
> accounts and I am able to manage what they can or cannot do. By
> default, users should be able to see the projects, but are only
> allowed to build them if they either have the role 'Builder' or
> 'Admin'. What puzzles me, is that when a user who hasn't logged in yet
> tries to force a build, he is presented with the following exception
> message:
>
> Request processing has failed on the remote server: The session token
> is either invalid or is for a session that has expired.
>
> This is rather confusing for users and it would be nice if the user
> were presented with a login dialog or at the very least a friendly
> prompt requesting the user to first login. Even better would be if
> users didn't have to login at all and the logged in windows account
> were detected automatically.
>
> So, my question is, why am I getting this exception message and isn't
> there a more elegant way of handling this?
>
> This is roughly how my security has been configured:
>
> <defaults defaultRight="Deny" viewProject="Allow"/>
> <users>
> <ldapUser name="john" domain="MyDomain"/>
> ...
> </users>
>
> <permissions>
> <rolePermission name="Builder" defaultRight="Deny"
> viewProject="Allow" forceBuild="Allow">
> <users>
> <userName name="john"/>
> </users>
> </rolePermission>
>
> <rolePermission name="Admin" defaultRight="Allow">
> <users>
> <userName name="christopher"/>
> </users>
> </rolePermission>
>
> Then, at the project level, I have added this:
>
> <security type="defaultProjectSecurity" guest="*">
> <permissions>
> <rolePermission name="Admin" ref="Admin"/>
> <rolePermission name="Builder" ref="Builder"/>
> </permissions>
> </security>
>
>
> Regards,
>
> Christopher
>
>
>
>
>
--
Thanks and Regards,
Shiva
