Limiting who can access the Bonobo GIT server via an AD group

[Lars Bingchong]

Hey to your all in the Bonobo GIT server forum,

First of, this is a great piece of software!

I managed to install Bonobo GIT Server on a Windows 2012R2 server and configured it to use Windows Authentication. I was wondering though, if it is possible to limit the users that can actually login to the server. I want them to be able to use their Windows login but as the server is on a system where many users can connect and we would like to limit that to a specific group of users, I'm curious to know if that is possible?

If not I guess I will have to use 'Forms based authentication' and create specific users on the Bonobo GIT Server.

As a bonus question :-) - is it possible to use Single-sign on with Bonobo GIT Server? So that if I'm already logged in with a user that can access the server I'm logged in, without being prompted for my credentials.

I have looked through the Google Group - all the posts - but did not find an answer to my question.

Though I did find some good finds:

1- https://groups.google.com/forum/#!topic/bonobo-git-server/2edN7kJDkGc - group AD integration
2- https://groups.google.com/forum/#!topic/bonobo-git-server/aG5fakoHEvY - about AD integration

Which tells me I can use AD integration. However does that make me able to limit which users can login to the GIT server? I want to make sure that only users that are members of a specific AD group can login to the GIT Server by using Windows Authentication. Because allowing all users to login would make it possible for users that certainly are not welcome to login because of the use of Windows Authentication.

Thank you tremendously and I'm looking forward to hear from you guys and girls.

Best regards and have a great day.

[Jakub Chodounský]

Hi Lars,

it is not possible to limit login (you can either enable or disable it for all new AD users), but you can limit what repositories people can see and access with the group management. As you mentioned, there is group synchronization between AD and Bonobo that means that you can create a group with a same name in Bonobo and it will pick up the users from AD, but you might be fine with just managing users through Bonobo without any synchronization. So users will be able to login, but they won't be able to access or see any of the repositories.

Hope that helps,

Cheers

Jakub

[Lars Bingchong]

HI Jakub,

Thank you for your reply. It helps a lot. One thing though. Is this on the upcoming features list? It would be very helpful to have. As it seems both a little insecure as well as unnecessary that users not in an some AD group, can still login, but just can't see anything on the Bonobo GIT Server :-) - I hope you follow me. So?

Again thank you.
Lars

[Alex S]

I'd love that feature too!

Thanks Jakub for the awesome piece of software.

Alex

[Jakub Chodounský]

Unfortunately it's not on the feature list and it would require to redesign the whole AD authentication mechanism currently built in I think.

Thank you guys for the feedback, hope you'll stick with Bonobo despite that.