ActiveDirectory/LDAP support

alinapieralinapier
in Feature Requests
Hi
I run a print farm in an art college with around 900 users - therefore setting up user accounts for each user isn't really workable.
It occurs to me that authenticating user accounts against AD/LDAP might be a good solution. Any plans?

Comments

  • RepetierRepetier
    Not really. Never used them. How would you define user settings for them using LDAP? I mean you still have 900 users where you need to say what the server id is and which permissions they get. We need an entry in the server database so functions work, so guess it is not so easy.
  • asatyrasatyr
    edited April 2021
    Good day,
    i´m sorry to reopen this old topic. Maby i can set something stright here.
    What he means is a simple solution for larger printer farms.

    Lets say you set up 10-20 3d Printers and have a user count of 300-600.

    In Active Directory you can assign Groups to the users. thous for itself are bounded to a group policy with then delivery the server id. this gives generic read access.
    a seperat group would also been connected via gpo and delivers a printer that the corresponding users are allowed to use.
    then in advance you can address admin permissions to controll things.

    in this way you just need to assign groups to the allready existing users, insteat creating 600 custom users within the repertier server.

    this could also reduce the password count every user need to remember since they can use there own ad/ldap credentials.

    in sum:
    perfect application for large scale busines in a secure and easy way
  • RepetierRepetier
    User authentication really needs some improvements long term. But it should be easy for users and most have no idea the LDAP even exists. This is really admin stuff for larger companies with many users. I think more about a central position for all users plus local users. But as soon as we get finer permissions per printer it again gets complicated. But that might be solveable by grouping printers and assign permissions to printer groups instead. In any case a bigger project to implement good. And maybe even combineable with LDAP as possible extra source.
  • asatyrasatyr
    LDAP/AD should allways something optional. since, as you mentioned, a lot of users don´t know what it is and what it could do.
    but even in small scale it is something that could be handy for tech enthusiasts.

    i definitly would be up to this idea. you could even expand the core functionality with ad controlled fileservices.
    like every user has its own home repository #dreamon ^^

    but i guess this would be a bit too much.

    still ad controlled user permissions would be awsome!
  • RepetierRepetier
    One problem I see at the moment is that it seems I need to get the password. For security reason we never transmit the clear password and use a response challenge system to verify users. Especially since inside intranet you can not have trusted https connections. But need to learn more about this first. Maybe we can store our hashed password in directory as well also that would then be indepndendet of the regular password.
  • asatyrasatyr
    or you could use a middleware for secure "translation"
    and in case of security. if someone set up a local active directory enviroment. then he knows how to setup a CA Athority that can of cause deliver secure certificates.
    for my enviroment i use my active directory to control all computers in my house. you can signin with your credentials on every workstation and access your own personal desktop and files. everything is stored on server side.
    yes i confess. I am a nerd o:)

    i know it would be a major change to the current existing plattform. but how about changing it to a modular format so you can chose your own combination of features and functions? that includes the authorisation part of the server

  • RepetierRepetier
    Only permissions should define what you see. In a alter stage of server we want to make it more configureabal, but that is than for all users. More to optimize how you would iike it to be organized and what functions you want.
  • asatyrasatyr
    edited April 2021
    would be great to attach a network storage. in the linux version you could mount (hardlink) external storage pretty easy. but in the windows version you can´t mount network drives.
    at last it doesn´t list them in the menue.

    Also if possible a batch converting. i got a decent archiv of around 70000 3d models on stock and would like to compile them all to g-code with current default settings ^^
  • RepetierRepetier
    Pi version only has 3 usb storage devices predefined for import. You can define them in global settings->folders easily your self.
  • asatyrasatyr
    My Setup is build up on windows systems.
    the Repetier Server is hosted on a windows server.
  • RepetierRepetier
    Yes, but the folder system exists on all os, only on pi it is preset since we also provide special mount helpers so we know where it gets mounted in this case. For windows we don't know since it gets different driver letters depending on device.
  • FachschaftMKFachschaftMK
    Hey, i was wondering If AD/ldap is still not in Development?
    For Our Usecase it would be great to have Ldap Support, so every User with the corresponding Security Group in the AD can login the Repetier Webpanel and additional Security Groups assign User Permissions in the Repetier Webpanel.
  • RepetierRepetier
    No ldap support planned at the moment.
  • FachschaftMKFachschaftMK
    Repetier said:
    No ldap support planned at the moment.
    Sad to hear :(
    but thank you 
Sign In or Register to comment.