[racktables-users] Re: Tagging users

  • From: James Osbourn <james.osbourn@xxxxxxxxxx>
  • To: "racktables-users@xxxxxxxxxxxxx" <racktables-users@xxxxxxxxxxxxx>
  • Date: Thu, 18 Nov 2010 12:29:49 +0000

This sounds similar to what we have.  The LDAP auth is in the apache config 
file and works fine.  It was just when I added a local account matching my 
username that it failed.  I logged out and was not able to log in again with 
any password that I had set, local or LDAP.  I renamed the local user (could 
not find the delete user) and was able to log in straight away with my LDAP 
password.

This all seems very strange!

James

-----Original Message-----
From: racktables-users-bounce@xxxxxxxxxxxxx 
[mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Tyler J. Wagner
Sent: 18 November 2010 12:27
To: racktables-users@xxxxxxxxxxxxx
Subject: [racktables-users] Re: Tagging users

Hi James,

I do LDAP auth via Apache, and then just have local users. Are you doing
it differently? This seems to work just fine.

My permissions are as so:

allow {$userid_1}
allow {root}
allow {$tab_default}
allow {$page_reports}
allow {usa admins} and {usa}
allow {uk admins} and {uk}
allow {noc_staff} and {$page_ipv4space}

Regards,
Tyler

On Thu, 2010-11-18 at 11:31 +0000, James Osbourn wrote:
> Hi Tyler,
> 
> I tried adding myself a local account with a different password.  I ended up 
> locking myself out of the system.  It seems that the local user took 
> precedence over the LDAP user.
> 
> This is going to cause problems when a user is forced to change their 
> password and suddenly they can't log in to racktables.  There must be a way 
> to do this whether it's with local tags or ldap groups that you use to assign 
> access.
> 
> James
> 
> -----Original Message-----
> From: racktables-users-bounce@xxxxxxxxxxxxx 
> [mailto:racktables-users-bounce@xxxxxxxxxxxxx] On Behalf Of Tyler J. Wagner
> Sent: 17 November 2010 14:41
> To: racktables-users@xxxxxxxxxxxxx
> Subject: [racktables-users] Re: Tagging users
> 
> On Wed, 2010-11-17 at 11:36 +0000, James Osbourn wrote:
> > I have come to an environment where we are using rack tables and have found 
> > it to be an interesting application.
> > 
> > We are using ldap authentication from an AD domain and I have been asked 
> > to set up security to grant different groups of users access to different 
> > objects for read and editing purposes.
> > 
> > From what I have read I can create 2 tags, one for the users and one for the 
> > object, and then I can grant permissions to users in the users tag to the 
> > object in the object tag.
> > 
> > However, I cannot see any way to tag users who are not defined locally in 
> > the database.  Am I getting this right or is there a different way to 
> > achieve this?
> 
> James,
> 
> You are doing the same thing I am. As far as I know, you must create the
> users locally, and tag them. You can still use LDAP auth to authenticate
> them, and then it uses the matching local user's tags to determine
> permissions.
> 
> Regards,
> Tyler
> 

-- 
"Offending fundamentalists isn't my goal – but if it is an inevitable
side-effect of defending human rights, so be it."
   -- Johann Hari

