<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Hi,<br></div><div><br data-mce-bogus="1"></div><div>First, great thanks for your job!<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>I have a question related to ACL.<br data-mce-bogus="1"></div><div>I would like to use multiple permissions with LDAP auth.<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>I have tested with add two "permissionAttribute" on /etc/vpn-user-portal/config.php :<br data-mce-bogus="1"></div><div>'permissionAttribute' => 'eduPersonAffiliation',</div><div>'permissionAttribute' => 'memberOf',</div><div><br data-mce-bogus="1"></div><div>In the configuration example (https://github.com/eduvpn/vpn-user-portal/blob/master/config/config.php.example), I saw that there was an attribute 'permissionAttributeList' and i tested with :<br data-mce-bogus="1"></div><div>'permissionAttributeList' => ['eduPersonAffiliation', 'memberOf'],<br></div><div><br data-mce-bogus="1"></div><div>My goal is to limit access to a user population except for admins.<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>/etc/vpn-user-portal/config.php<br>'FormLdapAuthentication' =><br> array (<br> 'ldapUri' => 'ldaps://myldap',<br> 'bindDnTemplate' => 'uid={{UID}},ou=people,dc=myorga',<br> //'permissionAttribute' => 'eduPersonAffiliation',<br> //'permissionAttribute' => 'memberOf',<br> 'permissionAttributeList' => ['eduPersonAffiliation', 'memberOf'],<br> ),<br> 'accessPermissionList' => ['student'],<br> 'adminPermissionList' => ['cn=admins_vpn,ou=groups,dc=myorga'],<br> 'adminUserIdList' =><br> array (<br> 0 => 'admin',<br> 0 => 'mylogin',<br> ),<br><br>/etc/vpn-server-api/config.php<br>'enableAcl' => true,<br>'aclPermissionList' => ['student'],<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div><pre>Thanks for your help.
Regards<br><br>Vincent<br><br>CentOS 7<br>vpn-server-api.noarch : 2.1.5-1.el7<br>vpn-server-node.noarch : 2.1.4-1.el7<br>vpn-user-portal.noarch : 2.2.5-1.el7<br></pre></div><div data-marker="__SIG_PRE__"><p><br data-mce-bogus="1"></p></div></div></body></html>