Help me with LDAP Plugin


Daniel Ayzar

Jan 30, 2015, 3:43:07 AM
to pgina...@googlegroups.com
In the settings of the LDAP plugin, in Gateway, I want to add the rule "if a member of LDAP group" for a particular local group, without setting the User DN pattern and Group DN pattern, because in my organization the LDAP structure is different for users. There are several different organizational units that contain users and groups. I want to know how this could be made transparent; if not, I have to configure each computer.

Robert Howe

Jan 30, 2015, 11:05:11 AM
to pgina...@googlegroups.com
I'm not sure I understood the question.

First of all, I'm not sure how you could use a rule about LDAP group membership without specifying the group DN pattern in some way.

Are you asking how you could make members of several groups map to a local user group?

Could you perhaps provide some concrete examples?




Thanks,

Robert

Robert Howe - ITS - Idaho State University
IT Systems Integration Analyst
921 S 8th Ave Stop 8037
Pocatello, ID  83209

Daniel Ayzar

Jan 30, 2015, 12:44:33 PM
to pgina...@googlegroups.com
In an OU, we have users and groups.

Users are members of groups that are in an OU.

We have groups with the same name that are in different organizational units.

We use Novell LDAP.

For example:

user1: cn=u001, ou=sales, o=org
user2: cn=u002, ou=sales, o=org

group1: cn=managers, ou=sales, o=org
group2: cn=users, ou=sales, o=org

"u001" is a member of the group "managers"
"u002" is a member of the group "users"

user3: cn=u003, ou=finance, o=org
user4: cn=u004, ou=finance, o=org

group3: cn=managers, ou=finance, o=org
group4: cn=users, ou=finance, o=org

"u003" is a member of the group "managers"
"u004" is a member of the group "users"

We want users who are members of the "managers" groups to be in the "Administrators" group in Windows. Likewise for the "users" groups.

Our organization has several hundred computers, and we cannot configure the LDAP plugin individually on each one, specifying the user DN pattern and group DN pattern.

Is there any way to configure the LDAP plugin to locate the user in the LDAP tree and, if found, check for membership of a group in the same context?

Thanks.

Robert Howe

Jan 30, 2015, 2:51:23 PM
to pgina...@googlegroups.com
Ah, gotcha, I'm not aware of a way to do so currently. You'd likely have to rewrite or make a custom fork of the plugin for it to do that automatically (search for the user, strip the baseDN off, and then reuse that portion in other searches/phases).

Having said that, perhaps someone else is aware of a method to do so.


Thanks,

Robert

Robert Howe - ITS - Idaho State University
IT Systems Integration Analyst
921 S 8th Ave Stop 8037
Pocatello, ID  83209
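
The approach described in the reply above (search for the user, then reuse the user's container for the group lookup) can be sketched as follows. This is an added example, not pGina plugin code: the in-memory USERS and GROUPS data is constructed from the DNs in the thread, and the RULES mapping and all function names are hypothetical.

```python
# Constructed sample data built from the DNs in the thread; a real plugin would
# get these from an LDAP subtree search and the group's member attribute.
USERS = ["cn=u001, ou=sales, o=org", "cn=u002, ou=sales, o=org",
         "cn=u003, ou=finance, o=org", "cn=u004, ou=finance, o=org"]
GROUPS = {
    "cn=managers,ou=sales,o=org": {"cn=u001,ou=sales,o=org"},
    "cn=users,ou=sales,o=org": {"cn=u002,ou=sales,o=org"},
    "cn=managers,ou=finance,o=org": {"cn=u003,ou=finance,o=org"},
    "cn=users,ou=finance,o=org": {"cn=u004,ou=finance,o=org"},
}
RULES = {"managers": "Administrators", "users": "Users"}  # hypothetical mapping


def split_dn(dn):
    """Split a DN on unescaped commas; simplified normalization (trim, lowercase)."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # keep an escaped pair such as "\,"
            buf, i = buf + dn[i:i + 2], i + 2
            continue
        if dn[i] == ",":
            parts, buf = parts + [buf], ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    return [a.strip().lower() + "=" + v.strip().lower()
            for a, _, v in (p.partition("=") for p in parts)]


def find_user(login, users=USERS):
    """Locate the login anywhere in the tree; refuse missing or ambiguous matches."""
    hits = [split_dn(u) for u in users if split_dn(u)[0] == "cn=" + login.lower()]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {login!r}")
    return hits[0]


def local_groups(login, users=USERS, groups=GROUPS, rules=RULES):
    """Map group membership, resolving each group only in the user's own container."""
    rdns = find_user(login, users)
    user_dn, context = ",".join(rdns), rdns[1:]
    return {local for cn, local in rules.items()
            if user_dn in groups.get(",".join(["cn=" + cn] + context), set())}
```

Because the group DN is rebuilt from the user's own container and compared in full, a same-named group in another OU never grants a local group, and a login that matches more than one entry is rejected instead of guessed.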

Hans Wurst

Feb 2, 2015, 6:03:31 AM
to pgina...@googlegroups.com

Daniel Ayzar

Feb 3, 2015, 4:21:56 AM
to pgina...@googlegroups.com
Thanks.