LDAP with Access Control, default role assignment at first login



  • Hello,
    I’m using LDAP with Access Control. LDAP -> User Filter = 991
    I can see all LDAP users in the list and can assign them to the right role.
    Problem:
    When new users log in for the first time, they have admin status. (undefined role)

    Is there a way to initially assign them to a “guest” role? And promote them by hand afterwards?


  • Senior Developer

    I’ve seen this request but am not quite sure how to move forward.

    Please understand, Access controls, with this iteration of FOG Server, are coded after the fact.

    What do I mean by this?

    FOG didn’t really have any real security controls in place. You, indeed, needed to be logged in to do actions of course, but there weren’t any utilities in place for “modifying” access.

    For a period of time, there was a thing called “mobile” user which basically just allowed a user to use a mobile interface. This interface was coded alongside the FOG system, and was a cumbersome tool to maintain. So when we moved to a responsive design, I removed that “mobile” GUI as the new GUI is also mobile accessible.

    The Access control plugin is a huge leap toward getting a tool available to limit access based on rules/roles etc…, but it’s not a perfect system as it relies on the User existing in the database first.

    I’m sure we could work to add a utility to enable a “default” role association but right now it doesn’t exist.




  • PUSH

    I could adjust the LDAP login and allow only admins, but I have some students who would also like to work with it.
    So I’m allowing admins (admin role) and students (mobile role) to access.
    But not all students should have full access.

    As I heard, there is a new idea with the new version 1.6 on this subject.
    Hopefully this will solve my problem.

