Motivation
Especially in big enterprises, it's complicated to get IT involved in SCM changes. Many customers need to create or change LDAP/AD groups but it takes too much time to get it done.
We have created a new authentication mode that mixes LDAP/AD users with Plastic SCM groups. You can freely create new groups for Plastic SCM without intervention from the IT/AD admin.
LDAP/AD groups are ignored and only the Plastic SCM groups are used to check the security and permissions.
Mixed LDAP and UP mode
Authentication: Active Directory and LDAP groups can be customized now. This will allow server administrators to create new credentials groups which will be visible only from PlasticSCM.
It can be useful if the AD/LDAP systems have restricted access, not allowing groups to be created.
To take advantage of this new feature, set the server to ADWorkingMode or LDAPWorkingMode and add a new line to the 'server.conf' file:
<WorkingModeSettings>[setting[;setting2;...]]</WorkingModeSettings>
The currently supported settings are:
- add_up: include PlasticSCM users and groups
- skip_groups: don't include AD/LDAP groups
A valid example would be as follows:
<WorkingModeSettings>add_up;skip_groups</WorkingModeSettings>
To specify the custom groups, the server administrator has to edit the 'groups.conf' file, located in the same directory as the server executable (plasticd.exe).
This file stores group information, one line per group:
:[[:...]]
Group names should be unique, whereas user names can appear in different groups.
Example:
gallia:caesar:vercingetorix
roma:augustus:caesar
hispania:augustus
aegyptus:cleopatra
User names in this list must match AD/LDAP user names.
To create a group hierarchy, group names inside groups must start with the '@' character.
Example:
spqr:@roma:administrator:@gallia
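An added example (not Plastic SCM code and not part of the original text): with skip_groups set, only these groups decide permissions, so it is worth reviewing each group's effective membership once '@' references are expanded. The Python below parses the groups.conf format described above, rejects duplicate group names and expands nested groups. The function names, the whitespace handling and the treatment of cycles and undefined group references as errors are assumptions, not documented server behaviour.

```python
# Added audit helper; cycle/undefined-reference handling is an assumption.
SAMPLE = """\
gallia:caesar:vercingetorix
roma:augustus:caesar
hispania:augustus
aegyptus:cleopatra
spqr:@roma:administrator:@gallia
"""  # constructed by combining the two example listings from the text


def parse_groups(text):
    """Return {group: [members]}; raise on duplicate or malformed group names."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        name, *members = line.split(":")
        if not name or name.startswith("@"):
            raise ValueError(f"line {lineno}: invalid group name {name!r}")
        if name in groups:
            raise ValueError(f"line {lineno}: duplicate group {name!r}")
        groups[name] = [m for m in members if m]
    return groups


def effective_users(groups, name, _path=()):
    """Expand '@group' references recursively into the set of user names."""
    if name not in groups:
        raise KeyError(f"reference to undefined group {name!r}")
    if name in _path:
        raise ValueError("cycle: " + " -> ".join(_path + (name,)))
    users = set()
    for member in groups[name]:
        if member.startswith("@"):
            users |= effective_users(groups, member[1:], _path + (name,))
        else:
            users.add(member)
    return users


def audit(text):
    """Map every group to its sorted effective user list."""
    groups = parse_groups(text)
    return {g: sorted(effective_users(groups, g)) for g in groups}


if __name__ == "__main__":
    print("\n".join(f"{g}: {', '.join(u)}" for g, u in audit(SAMPLE).items()))
```

Running it against a copy of groups.conf before deploying a change shows which users a nested group such as spqr actually contains.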