archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brent Atkinson <batkin...@apache.org>
Subject Re: Redback configuration
Date Wed, 19 Jan 2011 17:05:18 GMT
Wendy beat me to it.

I believe she is correct. You can configure anonymous read-only by granting
Global Repo Observer to your configured guest account, but selective roles
and privileges are not automatically granted based on ldap groups at the
moment. However, an administrator should be able to grant the appropriate
roles and privileges easily.

Feel free to submit a feature request to redback jira, REDBACK-142 is the
closest I could find, but the issue wasn't recreated as suggested. To
support editing of roles in archiva and continuum redback will require
write-back support which may be a bit tricky because of the variability of
directory schemas. It may be possible to get this done rather quickly if
redback role assignments are slaves to the LDAP groups. It may require the
ability to map LDAP groups to required redback privileges if there isn't a
1:1 correspondence.

Brent

On Wed, Jan 19, 2011 at 11:47 AM, Wendy Smoak <wsmoak@gmail.com> wrote:

> 2011/1/19 Igor Galić <i.galic@brainsware.org>:
>
> > I'm looking for a way to define a certain set of rules for Archiva's
> deployments and management.
> >
> > * anonymous read only access to all repositories
> > * read/write access to repo Experimental for all developers (ldap group)
> > * read/write access to repo DSL to all architects and team leads (ldap
> groups)
> > * Manage repositories (^ same group?)
> > * Manage users (admins ldap group)
> >
> > Is this possible with Redback, if so, uh.. how?
>
> You can do the 'anonymous read only access to all repositories' by
> granting the global repository observer role to the 'guest' user.
>
> I don't think LDAP groups have anything to do with it... the
> permissions (authorization) are kept in the Redback users database and
> LDAP is just consulted for authentication at login.
>
> So you would grant repository 'observer' or 'manager' roles to each
> person in Archiva as needed.
>
> Happy to be proven wrong though, I've just recently started using LDAP
> with Continuum/Archiva/Redback.
>
> --
> Wendy
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message