Start a new topic
Implemented

Implement LDAP/AD -> ProPack Group maping

 It would be very handy to have an optional configuration file that maps LDAP/AD groups to ProPack groups. I can see two use cases for this.

1. Testing.

Usually in large environments you cannot easily get different users for testing different privilege groups. You have your own user in LDAP/AD, so you can only test whaterver group you are in. You must also test other groups, but you don't have test users for this. This use case can be easily solved with a file mapping the LDAP group to a ProPack group. Say you are Admins, but you have to test Guests as well. So you map Admins to Guests in the mapping file.

2. Naming

Typically in large environments you have well-established naming conventions, eg. infrastructure relevant LDAP names must start with 'infra' (just an example). It would be very helpful to be able to map the company-style group name with a ProPack group name.

Of course, one could always create the groups in ProPack, but I prefer to use already existing entities.


[root@hostname propack]# cat Tools/etc/ZKB-LDAPGroupMapping.conf
# This configuration file maps a group entry found
# in ZKB LDAP to a Proactive Pack group. The syntax of
# this file is <LDAP group>: <ProPack group>. Blank lines
# and lines starting with the character '#' are ignored.
# Linear whitespace is ignored in the meaningful lines.
CCKTClientRole: Admins
[root@hostname propack]#


1 person likes this idea
1 Comment

Hello,

Thanks for the suggestion.

We will implement this feature as part of the 3.3 version planned for September 2017.

Philippe

Login or Signup to post a comment