Domain User Vault Access

Frozen Content
Modified by Admin on Sep 13, 2017

notes from #3871

For sync types of roles add ability to define LDAP query for background users sync and it's frequency. We will sync user info and theirs membership in a particular role. Similar approach used by uberSVN, Julian can show sample). For users that were automatically added to group during sync we need to watch, are they still present there and revoke their role membership, if they are no longer present in domain group.

Implementation

  • we should be able to sync not only users, but their membership also - so sync tasks for Roles looks like solution
  • we may sync members from several LDAP queries, into the one role
  • user may be member of several roles
  • we should watch for deleted users (additional attribute for user membership entity - synced from?) (lower priority)
  • we should not use direct access to the IDS(users) database - work only via API
  • background tasks should be running always (service my be shutdown by IIS due to inactivity)
  • we may not provide LDAP browser UI - first version may require to have only valid LDAP query text
  • we should allow to force synchronization manually
  • svn passwords for syncronized users should be defined in proper way (IDS may handle that automatically)
  • web UI may be done in cooperation with somebody from UI team

More notes from Nikoloay

  • there should be additional tab with LDAP sync tasks (name - LDAP Sync)
  • there should be possibility to add several sync tasks, for each of the tasks we need to define - tasks name, description, ldap url, target role, sync frequency
  • each task should show status - with meaningful error text, if something wrong happens during syncronization
  • tasks should support editing
  • there should be way to initiate task manually (action in list of tasks)
  • we need short instruction how to create ldap string, samples, references to couple ldap browser etc - some info for documentation team and users
  • bug - it is impossible to add sync tasks with url - LDAP://altium.biz/OU=Users,OU=Research & Development,OU=GLOBAL,DC=altium,DC=biz
  • bug - sync tasks should not create any new roles!

Using LDAP/Active Directory

http://docs.ubersvn.com/v1.0/ac.html#310

Lightweight Directory Access Protocol

http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

Securing Svnserve using SSH

http://tortoisesvn.net/ssh_howto.html

SSH Tunneling Explained

https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/

You are reporting an issue with the following selected text and/or image within the active document: