[daisy] Fwd: NTLM and groups

Karel Vervaeke karel at outerthought.org
Thu Jul 10 18:02:41 CEST 2008 

Access granted.  Nice of you to share your work!

On Thu, 2008-07-10 at 16:35 +0100, Tim McDonald wrote:
> Hi
> 
> 
> I've managed to get half way towards solving my problem with
> authenticating new user but with differing roles. I've now got a
> working authentication scheme plugin which (I think) checks that users
> are part of group using the permissions on an specified windows share.
> 
> 
> I'd quite like to document my solution so I've created a new account
> on the Daisy Community Wiki. I don't suppose someone could turn it on
> (username: timmcd).
> 
> 
> I do have one remaining question (or possibly a new feature request).
> Can the authenticator be set to work in a cascade mode? (ie. defining
> multiple authentication schemes which are then applied in sequence if
> an earlier authentication Scheme fails).
> 
> 
> <target path="/daisy/repository/authentication/authenticator">
> 	 <configuration>
> 		 <!-- Indicates which authentication scheme to use, if any, to automatically create new users. -->       
> 		<authenticationSchemeForUserCreation>ntlm1</authenticationSchemeForUserCreation> 
> 		<authenticationSchemeForUserCreation>ntlm2</authenticationSchemeForUserCreation> 
> 		<authenticationSchemeForUserCreation>ntlm3</authenticationSchemeForUserCreation> 
> 	</configuration>
>  </target>
> This seems to be a simple way of allowing daisy to automate the
> creation new users with different roles using a range of
> different authentication schemes.
> 
> 
> 
> Best regards
> 
> 
> 
> 
> Tim
> 
> 
> 
> > Hi
> > 
> > I running in to a problem with the NTLM user authentication scheme
> > and was wondering if the daisy list could provide some pointers on
> > my potential solutions.
> > 
> > I'm successfully set up Daisy to authenticate users against the NTLM
> > domain controller, the users are created. Everything's great :-)
> > 
> > The problem I'm experiencing is that we'd actually like users to be
> > allocated different roles based upon the group they belong to in the
> > windows domain.  For example, users in the student group of the
> > windows domain should be assigned the role of student in daisy.
> > Similarly, users belonging to the staff group of the windows domain
> > should be assigned the role of staff. Our IT chaps require this to
> > ensure the
> > 
> > I've searched the daisy documentation and looked through the source
> > code for the authentication scheme (services/ntlm-auth). Both
> > sources don't appear to offer any guidance on how (or if) groups can
> > be incorporated in the set up of an authentication scheme.
> > 
> > Thanks in advance
> > 
> > Tim
> > 
> > 
> > 
> > ______________________________________________
> > Tim McDonald
> > 
> > Research Assistant
> > 
> > Dept of Mechanical Engineering
> > University College London
> > _______________________________________________
> > daisy community mailing list
> > Professional Daisy support:
> > http://outerthought.org/en/services/daisy/support.html
> > mail to: daisy at lists.cocoondev.org
> > list information: http://lists.cocoondev.org/mailman/listinfo/daisy
> > 
> 
> _______________________________________________
> daisy community mailing list
> Professional Daisy support: http://outerthought.org/en/services/daisy/support.html
> mail to: daisy at lists.cocoondev.org
> list information: http://lists.cocoondev.org/mailman/listinfo/daisy

More information about the daisy mailing list