git-proxy icon indicating copy to clipboard operation
git-proxy copied to clipboard

Published 20 hours ago verified publisher icon finos

LDAP / Active Directory Authorisation

Open grovesy opened this issue 4 years ago • 0 comments

AD authentication plugin should have the following configuration options

  1. LDAP/AD information
  2. Admin group (can do anything group)
  3. authorizer-group (can authorize pushes)
  4. write-group (can-push)
  5. read-group (can pull)

The login logic should be

  1. Check if the AD user is in the correct-groups

  2. If is in one or more of the groups and does not exist as a local user - create a new local user

  3. If the local user does exist in a group AND locally, update the local user's profile with the latest AD information

  4. AD information to propagate

  • email address,
  • access permisions based on group membership

grovesy avatar Nov 27 '20 10:11 grovesy