|
|
| Reporter | iar | Assigned To | | |
|---|
| Priority | normal | Severity | minor | Reproducibility | always |
|---|
| Status | acknowledged | Resolution | open | |
|---|
| Platform | Linux | OS | CentOS | OS Version | 6.3 |
|---|
| Product Version | 0.19.10 | |
|---|
|
|
| Summary | 665: LDAP / AD auth with $lgcn_groupname can not use users primary AD group |
|---|
| Description | Using LDAP authentication with AD server and $lgcn_groupname to allow AD groups access to Racktables.
The Primary group of the AD users can not be used in $lgcn_groupname most likely because a users primary group is not part of the "memberof" attribute.
See: http://msdn.microsoft.com/en-us/library/ms677943.aspx
"The memberOf attribute is a multi-valued attribute that contains groups of which the user is a direct member, except for the primary group, which is represented by the primaryGroupId."
Browsed the code in 0.20.1 but it does not look like it supports the primary group either but I have not tested it yet. |
|---|
| Steps To Reproduce | Configure Racktables with AD authentication.
Create AD user as a member of two groups: groupA, groupB
Set Racktables permissions: allow {$lgcn_groupA}
Set users primary group as groupB and user can log in.
Set users primary group as groupA and user can not log in.
|
|---|
| Additional Information | http://msdn.microsoft.com/en-us/library/ms677943.aspx
|
|---|
| Tags | No tags attached. |
|---|
|
|
