Closed fnpanic closed 2 years ago
Hi, it should also work for script access, the same syntax
fnpanic @.***> schrieb am Do., 24. Feb. 2022, 12:13:
Hi,
currently it is only possible to use a group for general access to script server via LDAP.
It would be handy to also limit scripts via groups. If you get the membership of a user at login then this could be matched without exessive queries or is there a reason why it is not in?
— Reply to this email directly, view it on GitHub https://github.com/bugy/script-server/issues/528, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJXPJL33IRTGVAP6DJODN3U4YHD7ANCNFSM5PHCHEVQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you are subscribed to this thread.Message ID: @.***>
yeah, I'm using groups pulled from LDAP to filter my scripts.
this is my main conf:
{
"auth": {
"type": "ldap",
"url": "ldap://ldap.example.net",
"username_pattern": "uid=$username,ou=Users,dc=example,dc=global",
"version": 3
},
"access": {
"allowed_users": [ "fixeduser01", "@rol-system", "@rol-support" , "@rol-telephone" ],
"admin_users": [ "@rol-system" ]
},
"title": "MY Scripts"
}
and on runners I got something like this:
"allowed_users": [ "127.0.0.1", "@rol-system", "@rol-support" ],
Awesome! Thanks for pointing this out. Was not clear to me from the docs.
Hi,
currently it is only possible to use a group for general access to script server via LDAP.
It would be handy to also limit scripts via groups. If you get the membership of a user at login then this could be matched without exessive queries or is there a reason why it is not in?