maria-grigorieva / icatproject

Automatically exported from code.google.com/p/icatproject
0 stars 0 forks source link

icat.properties rootUserNames using different authentication plugins (mnemonics) #82

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. deploy an authentication plugin, e.g. useroffice (maybe also ldap)
2. set rootUserNames to useroffice/root in icat.properties
3. set authn.list to useroffice in icat.properties
4. restart domain
5. try to add a new Rule to ICAT.

What is the expected output? What do you see instead?
I expect CRUD access to ICAT Rules but get permission errors.
Thus you have to create at least one db user with CRUD access for initial setup.
The system treats root (db) and useroffice/root as different users. That is ok 
but
it should be possible to specify to which mnemonic an account belongs in 
icat.properties
file. I propose to use the notation {mnemonic}/{username} in icat.properties 
because
this syntax is also used in the log files. This change is necessary to get rid 
off an
initial setup using db authentication.

Original issue reported on code.google.com by c.felder...@googlemail.com on 2 Oct 2012 at 7:43

GoogleCodeExporter commented 9 years ago
The name returned by the authentication plugin is determined by that plugin. In 
the case of the ldap and db plugins they will both prefix the user name with 
xxxx/ where you can choose xxxx but I would recommend "ldap" or "db".

The root users listed in the icat properties files are shown with the full name 
as returned by the authentication plugin.

I believe that the current system should meet the needs implied by your report. 
I I will therefore mark this as invalid. If you don't agree could we discuss it 
privately.

Steve

Original comment by dr.s.m.f...@gmail.com on 13 Dec 2012 at 4:19