[racktables-users] Re: AD groups do not work for Write permission.

  • From: "Manochehri, Tim" <Tim.Manochehri@xxxxxxxxxxxxxxxx>
  • To: <racktables-users@xxxxxxxxxxxxx>
  • Date: Thu, 11 Aug 2011 10:04:34 -0700

Here is the LDAP_options section:

$LDAP_options = array
(
        'server' => 'abc.acme.com',
        'domain' => 'abc.acme.com',
        'search_attr' => 'uid',
        'group_attr' => 'memberof',
        'cache_refresh' => 300,
        'cache_retry' => 15,
        'cache_expiry' => 600,
); 

Authentication works fine. Just AD group membership is failing.

Tim Manochehri
Sr. Unix Systems Engineer
Bluedof California {EDH}
Desk: 916-350-8819 
Cell: 916-203-5724

How am I doing? Send a note to my Boss 


Please see our website for more info on SFTP related tasks.
http://www.myworkpath.com/sftp **Internal use only**
 
Confidentiality Notice:  This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.
 

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Manochehri,
Tim
Sent: Thursday, August 11, 2011 9:33 AM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: AD groups do not work for Write
permission.


This is in our secret.php file.

$user_auth_src = 'ldap';
$require_local_account = FALSE;

So it's safe to say it is supposed to be Full LDAP.
Both Authentication and Group Membership should work - correct? 


Tim Manochehri
Sr. Unix Systems Engineer
Bluedof California {EDH}
Desk: 916-350-8819
Cell: 916-203-5724


-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Denis
Ovsienko
Sent: Wednesday, August 10, 2011 10:37 PM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: AD groups do not work for Write
permission.

> Verified user is in the gs-netcool-noc Group name in AD. If I tag the 
> user with the NOC Team group then login I get the write permissions.
> Untag it I can only view objects.
>
> Please advise...

The reason may be that the LDAP groups are not translated into "lgcn"
autotags. In that case the Permissions handling code wouldn't have the
input facts necessary to make the decision to "allow". To check if the
autotags are there, trigger a "permission denied" message for the user.
Once there are no "lgcn" autotags in the dump, this means that LDAP
group mapping is not configured (properly). In this case the following
page should help:
https://sourceforge.net/apps/mediawiki/racktables/index.php?title=LDAP

--
 Denis Ovsienko
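
Added example, not part of the thread and not RackTables code: a small Python model of the check Denis describes, showing why a user with no "lgcn" autotags falls back to view-only unless tagged by hand. The CN-extracting pattern, the `$lgcn_<name>` tag format, the sample DNs and the single allow rule are assumptions made for the illustration.

```python
import re

# Assumption: group names are taken from the CN of each memberOf DN.
GROUP_FILTER = re.compile(r"^[Cc][Nn]=([^,]+)")


def lgcn_autotags(member_of):
    """Turn memberOf DN values into '$lgcn_<cn>' autotag names (assumed format)."""
    tags = []
    for dn in member_of or []:
        match = GROUP_FILTER.match(dn.strip())
        if match:
            tags.append("$lgcn_" + match.group(1))
    return tags


def diagnose(member_of, explicit_tags, allow_tags):
    """Model one 'allow if any of these tags' write rule; return (decision, reason)."""
    auto = lgcn_autotags(member_of)
    facts = set(auto) | set(explicit_tags)
    hit = sorted(facts & set(allow_tags))
    if hit:
        return "allow", "matched " + ", ".join(hit)
    if not auto:
        # The situation from the reply above: no lgcn facts reach the rule at all.
        return "deny", "no lgcn autotags: LDAP group mapping yielded nothing"
    return "deny", "lgcn autotags present, none named in the rule: " + ", ".join(auto)


# Constructed sample data; only the group and tag names come from the thread.
NOC_DN = "CN=gs-netcool-noc,OU=Groups,DC=abc,DC=acme,DC=com"
OTHER_DN = "CN=unix-admins,OU=Groups,DC=abc,DC=acme,DC=com"
RULE = ["$lgcn_gs-netcool-noc", "NOC Team"]

if __name__ == "__main__":
    cases = {
        "group mapping works": ([NOC_DN], []),
        "no groups returned, tagged by hand": ([], ["NOC Team"]),
        "no groups returned, untagged": ([], []),
        "groups returned, wrong group": ([OTHER_DN], []),
    }
    for label, (member_of, explicit) in cases.items():
        print(label, "->", diagnose(member_of, explicit, RULE))
```

The two deny reasons separate a mapping problem (nothing derived from LDAP) from a rule or group-name mismatch, which is the distinction the "permission denied" dump is meant to expose.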


