Ossar_178453
Feb 12, 2015 - Altostratus
AD/LDAP authentication/authorization w/ "Remote Role Groups"
Hello,
I have been experimenting with AD/LDAP auth and have got it working to some extent. However, I am not successful in making the Remote Role Groups work.
It is just like they are not considered at all. The only way of specifying access is through the "External users" settings on System->Users->Authentication page. If I set the default role to Guest, all users are logged in as guest etc. I need to separate guests from administrators and I understand that should be done with "Remote Role Groups".
If I set the "External users" to "No access" I cannot log in at all, despite the "Remote Role Group" setting.
My configuration:
tmsh show running-config /auth ldap system-auth
auth ldap system-auth {
    bind-pw $M$2E$/KZpHL0Oe8xucW3Pgj6D1Q==
    check-roles-group enabled
    login-attribute samaccountname
    search-base-dn OU=Users,OU=Country,OU=Company,DC=top,DC=domain
    servers { 10.10.10.10 }
    user-template %s@top.domain
}

tmsh show running-config /auth remote-role
auth remote-role {
    role-info {
        john.doe {
            attribute memberOF=CN=john.doe,OU=Users,OU=Country,OU=Company,DC=top,DC=domain
            line-order 1
            role administrator
            user-partition All
        }
    }
}