[racktables-users] Re: AD groups do not work for Write permission.

  • From: "Manochehri, Tim" <Tim.Manochehri@xxxxxxxxxxxxxxxx>
  • To: <racktables-users@xxxxxxxxxxxxx>
  • Date: Thu, 11 Aug 2011 10:36:51 -0700

Never mind... I figured it out.

I just used the base DN of abc.acme.com for the search_dn
and all is well now... AD group membership is working correctly now.

Thanks Dennis for your help and rapid response!


Tim Manochehri
Sr. Unix Systems Engineer
 
Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.
 

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx 
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Manochehri, Tim
Sent: Thursday, August 11, 2011 10:22 AM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: AD groups do not work for Write permission.


Well, our users are in various OUs... not in a single OU.

So the base of "'search_dn' => 'OU=Users,DC=example,DC=com'," would never work 
in our environment.
 
Any ideas?

Tim Manochehri
Sr. Unix Systems Engineer


-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx 
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Denis Ovsienko
Sent: Thursday, August 11, 2011 10:13 AM
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: AD groups do not work for Write permission.

11.08.2011, 21:04, "Manochehri, Tim" <Tim.Manochehri@xxxxxxxxxxxxxxxx>:
> Here are the LDAP_options section:
>
> $LDAP_options = array
> (
>         'server' => 'abc.acme.com',
>         'domain' => 'abc.acme.com',
>         'search_attr' => 'uid',
>         'group_attr' => 'memberof',
>         'cache_refresh' => 300,
>         'cache_retry' => 15,
>         'cache_expiry' => 600,
> );
>
> Authentication works fine.. Just AD group membership is failing.

For the group membership to work, AD would require a different configuration 
(check out the sample AD config on the wiki). The matter is, LDAP search mode must 
work to get the group information from the server.

-- 
    Denis Ovsienko
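
The scoping problem discussed in this thread, as an added example that is not part of the original messages and not RackTables code: a subtree search only returns entries whose DN ends with the search base, so an OU-level `search_dn` misses accounts kept in other OUs while the domain-root DN covers them all. The expansion of abc.acme.com to `DC=abc,DC=acme,DC=com` and every account and OU name below are assumptions made for illustration.

```python
# Added illustration; the accounts and OUs in SAMPLE_USERS are constructed sample data.

def domain_to_base_dn(domain):
    """Map an AD DNS domain to its domain-root DN (abc.acme.com -> DC=abc,DC=acme,DC=com)."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def split_rdns(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the current RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    # DN comparison in AD is case-insensitive, so compare lower-cased RDNs
    return [r.strip().lower() for r in rdns]

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies below it (subtree scope)."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

SAMPLE_USERS = [
    "CN=Doe\\, Jane,OU=Users,DC=abc,DC=acme,DC=com",
    "CN=jsmith,OU=Engineering,OU=Seattle,DC=abc,DC=acme,DC=com",
    "CN=svc-backup,OU=Service Accounts,DC=abc,DC=acme,DC=com",
]

def reachable(base_dn):
    """Sample accounts a subtree search rooted at base_dn could return."""
    return [dn for dn in SAMPLE_USERS if in_subtree(dn, base_dn)]

if __name__ == "__main__":
    for base in ("OU=Users,DC=abc,DC=acme,DC=com", domain_to_base_dn("abc.acme.com")):
        print(f"{base}: {len(reachable(base))} of {len(SAMPLE_USERS)} accounts in scope")
```

With the domain root as the base, service accounts and every other account in the domain also fall inside the search scope, so access should be granted on group membership rather than on the mere ability to log in.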
