[daisy] Fwd: NTLM and groups

Tim McDonald t_mcdonald at meng.ucl.ac.uk
Thu Jul 10 17:35:56 CEST 2008 

Hi

I've managed to get half way towards solving my problem with  
authenticating new user but with differing roles. I've now got a  
working authentication scheme plugin which (I think) checks that users  
are part of group using the permissions on an specified windows share.

I'd quite like to document my solution so I've created a new account  
on the Daisy Community Wiki. I don't suppose someone could turn it on  
(username: timmcd).

I do have one remaining question (or possibly a new feature request).  
Can the authenticator be set to work in a cascade mode? (ie. defining  
multiple authentication schemes which are then applied in sequence if  
an earlier authentication Scheme fails).

<target path="/daisy/repository/authentication/authenticator">
	 <configuration>
		 <!-- Indicates which authentication scheme to use, if any, to  
automatically create new users. -->
		<authenticationSchemeForUserCreation>ntlm1</ 
authenticationSchemeForUserCreation>
		<authenticationSchemeForUserCreation>ntlm2</ 
authenticationSchemeForUserCreation>
		<authenticationSchemeForUserCreation>ntlm3</ 
authenticationSchemeForUserCreation>
	</configuration>
  </target>
This seems to be a simple way of allowing daisy to automate the  
creation new users with different roles using a range of different  
authentication schemes.

Best regards


Tim


> Hi
>
> I running in to a problem with the NTLM user authentication scheme  
> and was wondering if the daisy list could provide some pointers on  
> my potential solutions.
>
> I'm successfully set up Daisy to authenticate users against the NTLM  
> domain controller, the users are created. Everything's great :-)
>
> The problem I'm experiencing is that we'd actually like users to be  
> allocated different roles based upon the group they belong to in the  
> windows domain.  For example, users in the student group of the  
> windows domain should be assigned the role of student in daisy.  
> Similarly, users belonging to the staff group of the windows domain  
> should be assigned the role of staff. Our IT chaps require this to  
> ensure the
>
> I've searched the daisy documentation and looked through the source  
> code for the authentication scheme (services/ntlm-auth). Both  
> sources don't appear to offer any guidance on how (or if) groups can  
> be incorporated in the set up of an authentication scheme.
>
> Thanks in advance
>
> Tim
>
>
>
> ______________________________________________
> Tim McDonald
>
> Research Assistant
>
> Dept of Mechanical Engineering
> University College London
> _______________________________________________
> daisy community mailing list
> Professional Daisy support: http://outerthought.org/en/services/daisy/support.html
> mail to: daisy at lists.cocoondev.org
> list information: http://lists.cocoondev.org/mailman/listinfo/daisy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cocoondev.org/pipermail/daisy/attachments/20080710/9a6815d8/attachment.htm

More information about the daisy mailing list