[eduVPN-deploy] ACL - permission
Vincent Perrot
Vincent.Perrot at u-bourgogne.fr
Tue Apr 7 11:20:02 CEST 2020
Hi,
First, many thanks for your work!
I have a question related to ACL.
I would like to use multiple permissions with LDAP auth.
I tested adding two "permissionAttribute" entries in /etc/vpn-user-portal/config.php:
    'permissionAttribute' => 'eduPersonAffiliation',
    'permissionAttribute' => 'memberOf',
In the configuration example (https://github.com/eduvpn/vpn-user-portal/blob/master/config/config.php.example), I saw that there was an attribute 'permissionAttributeList', and I tested with:
    'permissionAttributeList' => ['eduPersonAffiliation', 'memberOf'],
My goal is to limit access to a user population except for admins.
/etc/vpn-user-portal/config.php
    'FormLdapAuthentication' =>
    array (
        'ldapUri' => 'ldaps://myldap',
        'bindDnTemplate' => 'uid={{UID}},ou=people,dc=myorga',
        //'permissionAttribute' => 'eduPersonAffiliation',
        //'permissionAttribute' => 'memberOf',
        'permissionAttributeList' => ['eduPersonAffiliation', 'memberOf'],
    ),
    'accessPermissionList' => ['student'],
    'adminPermissionList' => ['cn=admins_vpn,ou=groups,dc=myorga'],
    'adminUserIdList' =>
    array (
        0 => 'admin',
        0 => 'mylogin',
    ),
/etc/vpn-server-api/config.php
    'enableAcl' => true,
    'aclPermissionList' => ['student'],
Thanks for your help.
Regards
Vincent
CentOS 7
vpn-server-api.noarch : 2.1.5-1.el7
vpn-server-node.noarch : 2.1.4-1.el7
vpn-user-portal.noarch : 2.2.5-1.el7
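
Added example, not part of the original message and not eduVPN code: when a PHP array literal repeats a key, PHP keeps only the last value and raises no warning, so two 'permissionAttribute' lines or two "0 =>" entries in one array each collapse to a single entry. The hypothetical helper findDuplicateKeys() below reports such repeats in a config file; the sample config is constructed from the fragments in the message above.

```php
<?php
// Added example. findDuplicateKeys() is a hypothetical helper, not eduVPN code.
function findDuplicateKeys($source)
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $literal = [T_CONSTANT_ENCAPSED_STRING, T_LNUMBER];
    $frames = [[]];   // one "key => first line" map per open bracket
    $prev = null;     // last significant multi-character token
    $found = [];
    foreach (token_get_all($source) as $tok) {
        if (!is_array($tok)) {
            if ($tok === '[' || $tok === '(') {
                $frames[] = [];              // entering a (possible) array
            } elseif (($tok === ']' || $tok === ')') && count($frames) > 1) {
                array_pop($frames);          // leaving it
            }
            $prev = null;
            continue;
        }
        if (in_array($tok[0], $skip, true)) {
            continue;                        // commented-out settings are ignored
        }
        if ($tok[0] === T_DOUBLE_ARROW && $prev && in_array($prev[0], $literal, true)) {
            $key = trim($prev[1], "'\"");    // 'a' and "a" are the same key
            $top = count($frames) - 1;
            if (isset($frames[$top][$key])) {
                $found[] = "line {$prev[2]}: key {$prev[1]} repeats line {$frames[$top][$key]}";
            } else {
                $frames[$top][$key] = $prev[2];
            }
        }
        $prev = $tok;
    }
    return $found;
}

// Constructed sample, based on the fragments in the message.
$sample = <<<'CONFIG'
<?php
return [
    'FormLdapAuthentication' => [
        'permissionAttribute' => 'eduPersonAffiliation',
        'permissionAttribute' => 'memberOf',
    ],
    'adminUserIdList' => array (
        0 => 'admin',
        0 => 'mylogin',
    ),
];
CONFIG;
echo implode("\n", findDuplicateKeys($sample)), "\n";
```

To check a real file, pass file_get_contents() of the config path to findDuplicateKeys() instead of the sample string.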