[wpkg-users] WPKG selectivity based on Windows AD security groups membership

Rainer Meier r.meier at wpkg.org
Sat Feb 27 18:09:36 CET 2010


Hi Vasiris,

On 27.02.2010 14:14, Vasaris wrote:
>     One question more question. For now in Windows AD Software deployment, one can define MSI package deployment, based on computer accounts membership in certain security groups.
>     WPKG uses computers lists, packages list and etc. Is it possible to use AD security group membership information in WPKG depoyment scenarios, like in a way for exampe Squid-NT uses groups for proxy permissions model enforcement? It is like, I define package, and tie that package to the security group, which has machine accounts assigned. When the WPKG client or the server-side script executes, it checks the current computer name and its membership on the security groups, defined on the packages. If there is match, package is depoyed. If no - skipped.

There is a patch attached to some Bugzilla entry adding AD-Integration to
wpkg.js. However it never made its way into the official wpkg.js yet. I planned
to integrate such support into a future release of WPKG but I did not have time
yet to complete the work on it. So you might try the modified version based on
an older WPKG.
One of the reasons I have been reluctant to integrate this code without any
approval is the testing effort attached to it. I do not operate AD here (just
Samba domains) and the modification includes quite a lot of code which will have
to be supported as well.
So for the moment we stick to XML package/host/profile definition.


br,
Rainer



More information about the wpkg-users mailing list