Task #6502 (new)

Opened 13 years ago

Last modified 10 years ago

Complex new_user_group configurations — at Version 6

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: Unscheduled
Component: Security Version: 4.4.9
Keywords: n.a. Cc: lkolchin@…, cxallan, bpindelski, atarkowska
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description (last modified by jamoore)

If groups for a particular user in LDAP are not found, still assign the user to a default group. Something like:

omero.ldap.new_user_group=defaultgroupname&&:query:...
omero.ldap.new_user_group=:query:...||defaultgroupname

This group will take precedence, i.e. will be assigned first and lookup for additional groups (LDAP groups) will continue (successfully or not) and not prevent the user from logging in.

Further, this should most likely include a way to specify the permissions per group that comes from LDAP (e.g. :query(perms=rwr---):...).

Other ideas from Chris:

  • Allow adding arbitrary data in the specification similar
  • Allow setting a user's default group

Even more ideas:

  • Take group owner from LDAP
  • #11876 apply group filter but use a default group (i.e. :query: && defaultgroupname rather than ||)

See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-August/002772.html
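Added example, not part of the ticket and not OMERO code: a sketch of how the two proposed forms could be parsed and resolved, with "&&" always assigning the default group first and "||" using it only when the LDAP lookup returns nothing or fails. The names parse_spec, resolve_groups, GroupSpec and LdapLookupError are hypothetical, the lookup is supplied by the caller, and it is assumed that "&&" and "||" never occur inside the LDAP filter itself.

```python
from typing import Callable, List, NamedTuple, Optional

QUERY = ":query:"


class LdapLookupError(Exception):
    """Hypothetical error raised by the caller-supplied LDAP lookup."""


class GroupSpec(NamedTuple):
    query: str               # LDAP filter text following ":query:"
    default: Optional[str]   # default group name, or None if not given
    always: bool             # True for "&&" (always add), False for "||" (fallback)


def parse_spec(value: str) -> GroupSpec:
    """Parse 'name&&:query:...', ':query:...||name' or a bare ':query:...'."""
    for op, always in (("&&", True), ("||", False)):
        if op in value:
            sides = [s.strip() for s in value.split(op, 1)]
            queries = [s for s in sides if s.startswith(QUERY)]
            names = [s for s in sides if s and not s.startswith(":")]
            if len(queries) != 1 or len(names) != 1:
                raise ValueError(f"need one query and one group name: {value!r}")
            return GroupSpec(queries[0][len(QUERY):], names[0], always)
    if value.startswith(QUERY):
        return GroupSpec(value[len(QUERY):], None, False)
    raise ValueError(f"not a :query: specification: {value!r}")


def resolve_groups(spec: GroupSpec, lookup: Callable[[str], List[str]]) -> List[str]:
    """Return the groups for a new user, default first; [] means no group at all."""
    try:
        found = list(lookup(spec.query))
    except LdapLookupError:
        found = []  # a failed lookup must not prevent login
    groups: List[str] = []
    if spec.default and (spec.always or not found):
        groups.append(spec.default)
    groups.extend(g for g in found if g not in groups)
    return groups
```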

Change History (6)

comment:1 Changed 12 years ago by jmoore

  • Description modified (diff)
  • Priority changed from major to critical

comment:2 Changed 12 years ago by jmoore

  • Cc cxallan added
  • Description modified (diff)
  • Milestone changed from Unscheduled to OMERO-Beta4.4

comment:3 Changed 12 years ago by jmoore

  • Milestone changed from OMERO-Beta4.4 to OMERO-Beta4.4.1

Advanced LDAP features will have to wait until after 4.4.0.

comment:4 Changed 12 years ago by jmoore

  • Description modified (diff)

comment:5 Changed 12 years ago by jmoore

  • Milestone changed from OMERO-4.5 to Unscheduled

Moving this out of 4.5. For the moment, anyone wanting something this complex will need to write their own bean class.

comment:6 Changed 10 years ago by jamoore

  • Cc bpindelski atarkowska added
  • Description modified (diff)
  • Version set to 4.4.9