View Issue Details

ID: 665
Project: RackTables
Category: default
View Status: public
Last Update: 2013-01-10 16:50
Reporter: iar
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: acknowledged
Resolution: open
Platform: Linux
OS: CentOS
OS Version: 6.3
Product Version: 0.19.10
Summary: 665: LDAP / AD auth with $lgcn_groupname cannot use user's primary AD group

Description: Using LDAP authentication with an AD server and $lgcn_groupname to allow AD groups access to RackTables.

The primary group of the AD users cannot be used in $lgcn_groupname, most likely because a user's primary group is not part of the "memberof" attribute.

See: http://msdn.microsoft.com/en-us/library/ms677943.aspx

"The memberOf attribute is a multi-valued attribute that contains groups of which the user is a direct member, except for the primary group, which is represented by the primaryGroupId."

Browsed the code in 0.20.1 but it does not look like it supports the primary group either but I have not tested it yet.

Steps To Reproduce: Configure RackTables with AD authentication.

Create AD user as a member of two groups: groupA, groupB

Set Racktables permissions: allow {$lgcn_groupA}

Set user's primary group as groupB and user can log in.
Set user's primary group as groupA and user cannot log in.

Additional Information: http://msdn.microsoft.com/en-us/library/ms677943.aspx

Tags: No tags attached.

Activities

infrastation

2012-11-12 22:31

administrator   ~0000985

primaryGroupID is a 32-bit number requiring additional decoding. So far I don't see a quick and proper fix for this issue. Sticking with the secondary groups only could be a workaround.

infrastation

2013-01-10 16:50

administrator   ~0001083

This issue will remain open for a while.

Issue History

Date Modified Username Field Change
2012-11-12 16:11 iar New Issue
2012-11-12 22:31 infrastation Note Added: 0000985
2013-01-10 16:50 infrastation Note Added: 0001083
2013-01-10 16:50 infrastation Status new => acknowledged