Domain User Vault Access
Frozen Content
notes from #3871
For sync-type roles, add the ability to define an LDAP query for background user sync and its frequency. We will sync user info and their membership in a particular role. (A similar approach is used by uberSVN; Julian can show a sample.) For users that were automatically added to a group during sync, we need to check whether they are still present there and revoke their role membership if they are no longer present in the domain group.
Implementation
- we should be able to sync not only users but also their membership, so sync tasks for Roles look like the solution
- we may sync members from several LDAP queries into one role
- a user may be a member of several roles
- we should watch for deleted users (additional attribute for the user membership entity: synced from?) (lower priority)
- we should not use direct access to the IDS (users) database; work only via the API
- background tasks should always be running (the service may be shut down by IIS due to inactivity)
- we may not provide an LDAP browser UI; the first version may require only valid LDAP query text
- we should allow synchronization to be forced manually
- SVN passwords for synchronized users should be defined in a proper way (IDS may handle that automatically)
- web UI may be done in cooperation with somebody from the UI team
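A sketch of the reconciliation step these notes describe, added here as an example and not taken from the project's code: it computes which role memberships to grant and revoke, leaving the actual changes to be applied through the IDS API. The function name, the "manual" source tag, the sample roles and query ids, and the rule that a failed query is skipped rather than treated as empty are all assumptions.

```python
def plan_role_sync(role_queries, ldap_results, memberships):
    """Plan grants and revocations for synced roles without touching the user store.

    role_queries: {role: [query_id, ...]}   several LDAP queries may feed one role
    ldap_results: {query_id: set_of_users}  None or missing means the query failed
    memberships:  {(role, user): sources}   sources holds query ids and/or "manual";
                                            this models the "synced from" attribute
    Returns (grants, revokes, new_memberships).
    """
    new = {key: set(sources) for key, sources in memberships.items()}
    grants = []
    for role, queries in role_queries.items():
        for query in queries:
            found = ldap_results.get(query)
            if found is None:
                # Assumption: skip a failed query so that a directory outage
                # is not mistaken for "everyone left the group".
                continue
            for user in found:
                if (role, user) not in new:
                    grants.append((role, user))
                new.setdefault((role, user), set()).add(query)
            # Users this query no longer returns lose only this provenance.
            for (member_role, user), sources in new.items():
                if member_role == role and user not in found:
                    sources.discard(query)
    # Revoke only memberships with no remaining source (manual ones keep "manual").
    revokes = sorted(key for key, sources in new.items() if not sources)
    for key in revokes:
        del new[key]
    return sorted(grants), revokes, new


# Constructed sample data: role names, query ids and users are hypothetical.
ROLE_QUERIES = {"vault-readers": ["q_eng", "q_ops"], "vault-admins": ["q_adm"]}
MEMBERSHIPS = {
    ("vault-readers", "alice"): {"q_eng"},
    ("vault-readers", "bob"): {"q_eng", "q_ops"},
    ("vault-readers", "carol"): {"manual"},
    ("vault-admins", "dave"): {"q_adm"},
}
LDAP_RESULTS = {"q_eng": {"bob", "frank"}, "q_ops": set(), "q_adm": None}

if __name__ == "__main__":
    grants, revokes, new = plan_role_sync(ROLE_QUERIES, LDAP_RESULTS, MEMBERSHIPS)
    print("grant:", grants)
    print("revoke:", revokes)
```

In the sample run, bob stays in the role because one of his two source queries still returns him, carol is untouched because she was added manually, and dave is kept because his only source query failed.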
Using LDAP/Active Directory
http://docs.ubersvn.com/v1.0/ac.html#310
Lightweight Directory Access Protocol
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Securing Svnserve using SSH
http://tortoisesvn.net/ssh_howto.html
SSH Tunneling Explained
https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
More notes from Nikoloay