I have no idea why your config doesn't work.
I am doing it a bit differently: in my config every user who is not signed in
has view and force rights. The Admin has all rights after he has signed
in.

Here is my config:

  <internalSecurity>
    <audit>
      <xmlFileAudit location="$(CCNETFOLDER)\CCNet_Audit.xml"/>
    </audit>
    <auditReader type="xmlFileAuditReader" location="$(CCNETFOLDER)\CCNet_Audit.xml"/>
    <users>
      <ldapUser name="*" domain="domain"/>
    </users>
    <permissions>
      <rolePermission name="Admins">
        <defaultRight>Allow</defaultRight>
        <startProject>Allow</startProject>
        <users>
          <userName name="user1" />
          <userName name="user2" />
          <userName name="user3 " />
        </users>
      </rolePermission>
      <rolePermission name="user">
        <forceBuild>Allow</forceBuild>
        <viewProject>Allow</viewProject>
        <defaultRight>Deny</defaultRight>
        <users>
          <userName name="*"/>
        </users>
      </rolePermission>
    </permissions>
  </internalSecurity>

And every project has this:

    <security type="defaultProjectSecurity">
      <defaultRight>Deny</defaultRight>
      <guest>User</guest>
      <permissions>
        <userPermission user="user">
          <defaultRight>Deny</defaultRight>
          <viewProject>Allow</viewProject>
          <forceBuild>Allow</forceBuild>
        </userPermission>
        <rolePermission name="Admins" ref="Admins" />
      </permissions>
    </security>


Regards.

On Friday, 31 May 2013 17:00:55 UTC+2, Michael Van Hoff wrote:
>
> I am having a hard time getting wildcards to work with security.  I'm 
> hoping I'm doing something wrong, and this isn't a bug...
>  
> I want to give all ldap authenticated users "viewProject" rights, then 
> Admins get all rights.
>  
> Here's my internalSecurity:
>   <internalSecurity>
>     <cache type="fileBasedCache" duration="60" mode="sliding" location="$(ccRoot)\sessions\" />
>     <audit>
>       <xmlFileAudit location="$(ccRoot)\CCNet.Security.Audit.xml" />
>     </audit>
>     <users>
>       <ldapUser name="*" domain="MyDom"/>
>     </users>
>     <permissions>
>       <rolePermission name="Admin" defaultRight="Allow">
>         <users>
>           <userName name="joes" />
>           <userName name="waltp" />
>           <userName name="buildmaster" />
>         </users>
>       </rolePermission>
>       <rolePermission name="Guest" defaultRight="Deny" viewProject="Allow">
>         <users>
>           <userName name="*" />
>         </users>
>       </rolePermission>
>     </permissions>
>   </internalSecurity>
>  
> Then in the projects, I have:
>       <security type="defaultProjectSecurity">
>           <permissions>
>               <rolePermission name="Admin" ref="Admin" />
>               <rolePermission name="Guest" ref="Guest" />
>           </permissions>
>       </security>
> But this does not work.  If I login as joes, waltp, or buildmaster, I get 
> the Allow rights, but any other user does not get viewProject rights, 
> though they are able to login.  It appears that the wild card works in the 
> <ldapUser> element, but not in the <rolePermission>'s <userName> element.
>  
> If I specifically put in a user name in the "Guest" role, then it does 
> work, but only for that user:
>       <rolePermission name="Guest" defaultRight="Deny" viewProject="Allow">
>         <users>
>           <userName name="susanp" />
>         </users>
>       </rolePermission>
> But I'd hate to dissect all possible guest user accounts and add them 
> individually!
>  
> I find this frustrating because this is almost exactly what is in the 
> documentation, except they are using <passwordUser> and <simpleUser> rather 
> than <ldapUser>.  
> http://cruisecontrolnet.org/projects/ccnet/wiki/Internal_Server_Security
>  
> Any help much appreciated!
>
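
An added example, not part of either post and not CruiseControl.NET code: a small Python audit that reads role definitions in both shapes posted in this thread (rights as attributes, rights as child elements) and reports wildcard grants, user names with stray whitespace (such as `user3 ` above), and project `ref` values with no exactly matching role. The `<cruisecontrol>` wrapper, the `demo` project, the finding names and the exact-match comparison are assumptions; the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Rights named in this thread (assumption: not the complete CCNet list).
RIGHTS = ("defaultRight", "viewProject", "forceBuild", "startProject")

def role_rights(role):
    """Read rights written as attributes (question) or child elements (reply)."""
    pairs = ((r, role.get(r) or role.findtext(r)) for r in RIGHTS)
    return {r: v.strip() for r, v in pairs if v}

def audit(config_xml):
    """Return (kind, role, detail) findings for a CCNet-style config string."""
    root = ET.fromstring(config_xml)
    findings, defined = [], set()
    for role in root.iter("rolePermission"):
        name = role.get("name")
        if role.get("ref") is not None:
            continue  # project-level reference, checked in the second pass
        defined.add(name)
        users = [u.get("name", "") for u in role.iter("userName")]
        allowed = sorted(r for r, v in role_rights(role).items() if v == "Allow")
        if "*" in users and allowed:
            # Every authenticated user inherits these rights: review them.
            findings.append(("wildcard-grant", name, ",".join(allowed)))
        for user in users:
            if user != user.strip():
                findings.append(("whitespace-in-user", name, repr(user)))
    for ref in root.iter("rolePermission"):
        target = ref.get("ref")
        # Exact, case-sensitive comparison is an assumption of this check.
        if target is not None and target not in defined:
            findings.append(("unresolved-ref", ref.get("name"), target))
    return findings

# Constructed sample combining the shapes posted in this thread.
SAMPLE = """<cruisecontrol><internalSecurity><permissions>
  <rolePermission name="Admins"><defaultRight>Allow</defaultRight>
    <users><userName name="user1"/><userName name="user3 "/></users></rolePermission>
  <rolePermission name="Guest" defaultRight="Deny" viewProject="Allow">
    <users><userName name="*"/></users></rolePermission>
</permissions></internalSecurity>
<project name="demo"><security type="defaultProjectSecurity"><permissions>
  <rolePermission name="Admins" ref="Admins"/>
  <rolePermission name="Guest" ref="guest"/>
</permissions></security></project></cruisecontrol>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```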
