Hello,
We are currently testing the Pro version of WAPT on a Debian 9 system.
We are able to connect our machines without any problems.
We have several domains in our architecture. These are clearly visible in the console.
How can we restrict package installation to certain users?
We would like:
* GroupAdmin1 to only be able to install in domain1.domain,
* GroupAdmin2 to only be able to install in domain2.domain,
* etc.
Is it possible to create this restriction from the console or the server?
Thank you for your help.
Alban
Multidomain
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
- sfonteneau
- WAPT Expert
Hello,
In WAPT you manage permissions in the console using keys.
You need to generate three CAs (Certificates of Authenticity): one for each domain plus one global CA.
You will push CA1 to domain 1 and CA2 to domain 2, and you will push CA3 to both domains (in the wapt\ssl directory).
This way, all keys from CA1 will be able to push actions on domain 1.
All keys from CA2 will have access to domain 2.
All keys from CA3 will be able to push actions on both domains.
Ideally, the keys from CA1 and CA2 should not be code-signing.
Ideally, only keys from CA3 should be able to create packages, as I assume the packages will be common to both sites. (The same applies to groups.)
Regarding the concept of LDAP groups, it's possible, but only by running the installations with waptselfservice.
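Added example, not part of the original posts and not WAPT's own tooling: a small openssl lab that models the trust layout described in the answer above, showing which technician certificate validates against which domain's set of pushed CAs. The names (`tech1`, `tech2`, `packager`, `domain1.pem`, `domain2.pem`) are hypothetical, and the "code-signing" property is modelled as the X.509 codeSigning extended key usage, which is an assumption about how that flag is represented.

```shell
#!/usr/bin/env bash
# Constructed lab: CA1, CA2, CA3 and one technician certificate per CA.
# All names are hypothetical; in production the WAPT console creates the real ones.
set -eu
LAB=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$LAB/lab.cnf"

make_ca() {        # $1 = CA name; writes a self-signed CA certificate
  openssl req -x509 -config "$LAB/lab.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -keyout "$LAB/$1.key" -out "$LAB/$1.crt" 2>/dev/null
}

issue() {          # $1 = issuing CA, $2 = technician, $3 = extendedKeyUsage
  printf 'extendedKeyUsage=%s\n' "$3" > "$LAB/$2.ext"
  openssl req -config "$LAB/lab.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.crt" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 30 -extfile "$LAB/$2.ext" -out "$LAB/$2.crt" 2>/dev/null
}

trusted_by() {     # $1 = domain trust store, $2 = technician; status 0 if chain validates
  openssl verify -CAfile "$LAB/$1.pem" "$LAB/$2.crt" >/dev/null 2>&1
}

can_sign_code() {  # $1 = technician; status 0 if the certificate carries codeSigning
  openssl x509 -in "$LAB/$1.crt" -noout -text | grep -q 'Code Signing'
}

for ca in CA1 CA2 CA3; do make_ca "$ca"; done
issue CA1 tech1 clientAuth      # domain 1 technician, not code-signing (EKU value is a placeholder)
issue CA2 tech2 clientAuth      # domain 2 technician, not code-signing
issue CA3 packager codeSigning  # global key, allowed to create packages

# Model of what is pushed to each domain's hosts (wapt\ssl in the answer above).
cat "$LAB/CA1.crt" "$LAB/CA3.crt" > "$LAB/domain1.pem"
cat "$LAB/CA2.crt" "$LAB/CA3.crt" > "$LAB/domain2.pem"

for tech in tech1 tech2 packager; do
  for dom in domain1 domain2; do
    if trusted_by "$dom" "$tech"; then r=accepted; else r=rejected; fi
    echo "$tech on $dom: $r"
  done
done
```

The scoping comes entirely from which CA certificates each host trusts: nothing in a technician certificate names a domain.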
Hello again,
I'm reopening this topic because I might not have understood everything... :/ Sorry!
I can't seem to grasp how it all works.
Could you explain this part in more detail?
Either I'm too focused on the details, or I'm missing something.
For console authentication, do I need to add all the technicians to the waptadmins group?
To differentiate between domain1 and domain2, I must admit I don't see how wapt understands who has access to which domain. Should the "Organization" field when creating CAs correspond to the domain name?
We agree that when creating my certificate for domain1, I use my first self-signed certificate as both the key and certificate?
I don't see the connection between the CA and AD authentication.
Thank you for any answers you can provide.
Alban
