[ccnet-user] Implementing wildcards with ldapUser security in 1.8.3

Wed, 12 Jun 2013 09:03:04 -0700 

I am having a hard time getting wildcards to work with security.  I'm 
hoping I'm doing something wrong, and this isn't a bug...
 
I want to give all ldap authenticated users "viewProject" rights, then 
Admins get all rights.
 
Here's my internalSecurity:
  <internalSecurity>
    <cache type="fileBasedCache" duration="60" mode="sliding" 
location="$(ccRoot)\sessions\" />
    <audit>
      <xmlFileAudit location="$(ccRoot)\CCNet.Security.Audit.xml" />
    </audit>
    <users>
      <ldapUser name="*" domain="MyDom"/>
    </users>
    <permissions>
      <rolePermission name="Admin" defaultRight="Allow">
        <users>
          <userName name="joes" />
          <userName name="waltp" />
          <userName name="buildmaster" />
        </users>
      </rolePermission>
      <rolePermission name="Guest" defaultRight="Deny" viewProject="Allow">
        <users>
          <userName name="*" />
        </users>
      </rolePermission>
  </internalSecurity>
 
Then in the projects, I have:
      <security type="defaultProjectSecurity">
          <permissions>
              <rolePermission name="Admin" ref="Admin" />
              <rolePermission name="Guest" ref="Guest" />
          </permissions>
      </security>
But this does not work.  If I login as joes, waltp, or buildmaster, I get 
the Allow rights, but any other user does not get viewProject rights, 
though they are able to login.  It appears that the wild card works in the 
<ldapUser> element, but not in the <rolePermission>'s <userName> element.
 
If I specifically put in a user name in the "Guest" role, then it does 
work, but only for that user:
      <rolePermission name="Guest" defaultRight="Deny" viewProject="Allow">
        <users>
          <userName name="susanp" />
        </users>
      </rolePermission>
But I'd hate to dissect all possible guest user accounts and add them 
individually!
 
I find this frustrating because this is almost exactly what is in the 
documentation, except they are using <passwordUser> and <simpleUser> rather 
than <ldapUser>.  
http://cruisecontrolnet.org/projects/ccnet/wiki/Internal_Server_Security
 
Any help much appreciated!

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ccnet-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to