[racktables-users] Autotags for ldap and http authentication (and other authentication)

Hi,

I busted into the code again!

I've been experimenting with racktables for a bit now, and we've decided to
use it for an approximately 15-engineer (and around 5-manager) setup with
ldap authentication.
Basically, we wanted to provide single sign-on etc., and managed to
achieve this nicely.

One thing I noticed, however, is that I found it hard to manage user
accounts that are added in from ldap if, let's say, I wanted to have a
generic user (who is authenticated) given blanket permissions (such as read
only).

So! I created some extra autotags to facilitate this. I would think it a
good addition to the code (which I'd be happy to commit).

Basically, upon successful authentication from any source, I set a
"$user_authenticated" autotag. As a further refinement I've also put in
"$http_user_authenticated", "$database_user_authenticated" and
"$ldap_user_authenticated" as well.

So, adding these autotags then enabled me to very simply define my
permissions, without having to specify individual users, so now my
permissions rules look like the following:

    allow {$userid_1} or {racktables_writers}
    allow {$user_authenticated} and {$tab_default}

These rules basically say:
"allow total access to the admin (user id of 1) or the users tagged with
racktables_writers"
"allow any authenticated user access to the default tab (only)"

So it really simplifies my permissions setup, and I don't have to add new
users into the permissions thing all the time.

Let me know what you think.

Regards,

Troy Rose
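
The two rules in the post can be traced with a small model. This is an added example, not RackTables code and not the poster's patch: `authAutotags()` and `judge()` are hypothetical names, `$tab_edit` and the sample requests are constructed, and first-match evaluation with default deny is an assumption of the sketch.

```php
<?php
// Added sketch, not RackTables code; function names are hypothetical.

// Autotags the post describes: one generic tag plus one per auth source.
function authAutotags(string $source, int $userId): array
{
    $perSource = [
        'ldap'     => '$ldap_user_authenticated',
        'http'     => '$http_user_authenticated',
        'database' => '$database_user_authenticated',
    ];
    if (!isset($perSource[$source])) {
        return [];   // failed or unknown source: no autotags at all
    }
    return ['$userid_' . $userId, '$user_authenticated', $perSource[$source]];
}

// Assumed semantics: rules read top to bottom, first match decides, else deny.
function judge(array $rules, array $tags): bool
{
    foreach ($rules as [$decision, $matches]) {
        if ($matches($tags)) {
            return $decision === 'allow';
        }
    }
    return false;
}

$has = fn(string $t) => fn(array $tags) => in_array($t, $tags, true);
$rules = [
    // allow {$userid_1} or {racktables_writers}
    ['allow', fn($t) => $has('$userid_1')($t) || $has('racktables_writers')($t)],
    // allow {$user_authenticated} and {$tab_default}
    ['allow', fn($t) => $has('$user_authenticated')($t) && $has('$tab_default')($t)],
];

// Constructed requests: [auth source, user id, explicit tags, tab autotag].
$requests = [
    ['database', 1, [], '$tab_edit'],
    ['ldap', 42, [], '$tab_default'],
    ['ldap', 42, [], '$tab_edit'],
    ['ldap', 43, ['racktables_writers'], '$tab_edit'],
    ['none', 0, [], '$tab_default'],
];
foreach ($requests as [$src, $uid, $explicit, $tab]) {
    $tags = array_merge(authAutotags($src, $uid), $explicit, [$tab]);
    printf("%-8s uid=%-2d %-12s => %s\n", $src, $uid, $tab,
        judge($rules, $tags) ? 'allow' : 'deny');
}
```

In this model the plain LDAP user is allowed only on the default tab, and the unauthenticated request is denied because it never receives `$user_authenticated`. The second rule therefore hands default-tab access to every account the directory will authenticate, so the scope of the LDAP search base decides who gets it.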
