LDAP parameter staff not working?


Santi Gomez

Feb 9, 2016, 7:24:09 AM2/9/16
to RatticDB
Hello!

I wanted to test RatticDB but I'm having trouble with the LDAP authentication. I can authenticate fine with an AD account called User1 that is in the OU "IT Standard Accounts", but it is not being made part of the staff even though my baseDN and staff are the same.

My configuration is something like this.

[ldap]

uri = ldap://serverad01
bindpw = *****pass****
userbase = OU=IT Standard Accounts,OU=Users,DC=Example,DC=com
userfilter = (sAMAccountName=%(user)s)
groupbase = OU=IT Standard Accounts,OU=Users,DC=Example,DC=com
groupfilter = (objectClass=group)
grouptype = ActiveDirectoryGroupType
staff = OU=IT Standard Accounts,OU=Users,DC=Example,DC=com
requirecert = false
referrals = false
loglevel = DEBUG

I can't see anything in the error_log. I tried to manually alter the DB to make the user part of staff, but during the next login the DB was updated and the is_staff column went back to 0, so it is being updated fine but for some reason it is not reading the staff parameter of my local.cfg.
I did try to modify my userbase and staff to another OU and had the same problem, could log in but the user was not part of staff.
Any suggestions?

Caleb Call

Feb 9, 2016, 11:38:38 AM2/9/16
to Santi Gomez, RatticDB
Try and specify a CN for staff. Not sure if that makes a difference, but ours is working.

Ours looks like the following for staff:

staff = CN=g.acl.rattic,OU=Groups,OU=DOMAIN_Accounts,DC=domain,DC=com

Santi Gomez

Feb 9, 2016, 12:45:23 PM2/9/16
to RatticDB, sant...@gmail.com
Hello, 

I have been testing different settings for the last few hours and finally got it working with the setup I need. The changes are:

userfilter = (&(sAMAccountName=%(user)s)(memberOf:1.2.840.113556.1.4.1941:=cn=Rattic Users,ou=Application Groups,ou=Groups,dc=Example,dc=com))
groupbase = ou=Application Groups,ou=Groups,dc=Example,dc=com
staff = cn=Rattic Users,ou=Application Groups,ou=Groups,dc=Example,dc=com 

It was probably setting a CN for staff, but I made several changes at the same time so I'm not sure what solved it.

Ugandhar Nrs

Sep 24, 2016, 4:58:57 AM9/24/16
to RatticDB, sant...@gmail.com
Hi Santi,

We have configured the details below in the RatticDB config file, but LDAP is not working. Please help with this.

# LDAP Settings
uri = ldap://ip:389
binddn = 
bindpw = 
userbase = ou=Users,dc=Domain,dc=com
userfilter = (&(sAMAccountName=%(user)s)(memberOf:1.2.840.113556.1.4.1941:=cn=Staff,ou=Groups,dc=domain,dc=com))
groupbase = ou=Users,dc=domain,dc=com
groupfilter = (objectClass=groupOfNames)
grouptype = ActiveDirectoryGroupType
staff = cn=Staff,ou=Users,dc=domain,dc=com
requirecert = False
loglevel=DEBUG

In AD it is configured as Domain.com -> users (OU) -> Staff (group).


Regards,
Ugandhar 

Santi Gomez

Sep 26, 2016, 6:10:51 AM9/26/16
to RatticDB, sant...@gmail.com
Hi, 

I can see right away that the groupbase, staff and userfilter settings are not the same. So if you have Domain.com -> users (OU) -> Staff (group), the userfilter should be cn=Staff,ou=Users,dc=domain,dc=com

Also, I have a different group filter, which following your names would be:
groupfilter = (&(objectCategory=group)(cn=Staff*))

Also, binddn and bindpw are compulsory if you are using windows AD.
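The three configurations in this thread differ in exactly the ways that decide whether staff sync works: whether staff names a group (cn=...) or an OU, whether the group in the userfilter's memberOf clause is the same DN as staff, whether staff sits under groupbase, whether a bind account is set, and whether the groupfilter fits an AD grouptype. The script below is an added example, not RatticDB code or anything posted in the thread: it parses a local.cfg [ldap] section offline and reports those inconsistencies, plus the transport caveat that a plain ldap:// uri with requirecert = false sends the bind password and every user's password in clear unless STARTTLS is negotiated, and verifies no server certificate. The three sample sections are the ones posted above; the binddn value in the "fixed" sample is an assumption (the thread never shows Santi's bind account), and Ugandhar's block is given the [ldap] header configparser needs. DN comparison is a simplified, case-insensitive RDN match, not a full RFC 4514 parser.

```python
import configparser
import re

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID; in the thread's userfilter
# it makes memberOf match nested (transitive) group membership.
IN_CHAIN_RULE = "1.2.840.113556.1.4.1941"

# Captures the optional rule OID and the group DN from (memberOf:<oid>:=<dn>)
# or (memberOf=<dn>); the DN runs up to the closing parenthesis.
MEMBEROF_RE = re.compile(r"memberOf(?::([\d.]+):)?=([^)]+)", re.IGNORECASE)


def normalize_dn(dn):
    """Lower-cased, trimmed RDN list so 'CN=Staff, OU=Users,DC=Domain,DC=com' equals
    'cn=staff,ou=users,dc=domain,dc=com'. AD compares DNs case-insensitively, which is
    enough for config checking; this is not a full RFC 4514 parser (escaped commas break it)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def is_under(dn, base):
    """True when dn is base itself or lies below it in the tree."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b


def group_dn_from_userfilter(userfilter):
    """Return (group_dn, rule_oid) from a memberOf clause, or (None, None) if absent."""
    m = MEMBEROF_RE.search(userfilter)
    return (m.group(2).strip(), m.group(1)) if m else (None, None)


def check_ldap_section(cfg_text):
    """Return a list of findings; an empty list means the section is self-consistent."""
    # %(user)s in userfilter is RatticDB's placeholder, not configparser interpolation,
    # so interpolation must be switched off or sec.get() raises.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    sec = cp["ldap"]
    findings = []
    for key in ("binddn", "bindpw"):
        if not sec.get(key, "").strip():
            findings.append(f"{key} is empty; AD will not allow the user search without a bind account")
    staff_rdns = normalize_dn(sec.get("staff", ""))
    groupbase = sec.get("groupbase", "")
    if staff_rdns and not staff_rdns[0].startswith("cn="):
        findings.append("staff must be a group DN (cn=...), not an OU or container")
    if staff_rdns and groupbase and not is_under(sec["staff"], groupbase):
        findings.append("staff DN is not under groupbase, so group lookup will never reach it")
    filter_group, rule = group_dn_from_userfilter(sec.get("userfilter", ""))
    if filter_group and normalize_dn(filter_group) != staff_rdns:
        findings.append("memberOf group in userfilter differs from staff, so the two settings admit different users")
    if rule and rule != IN_CHAIN_RULE:
        findings.append(f"unexpected matching rule {rule} in userfilter")
    # AD groups are objectClass=group (objectCategory=group); groupOfNames is the RFC/OpenLDAP class.
    if sec.get("grouptype", "") == "ActiveDirectoryGroupType" and "groupofnames" in sec.get("groupfilter", "").lower():
        findings.append("groupfilter uses groupOfNames, which AD groups do not have; use (objectClass=group)")
    if sec.get("uri", "").lower().startswith("ldap://"):
        findings.append("uri is plain ldap://; bind and user passwords cross the wire in clear unless STARTTLS is negotiated")
    if sec.get("requirecert", "").strip().lower() == "false":
        findings.append("requirecert = false disables server certificate verification")
    return findings


# Santi's first section as posted in the thread (staff points at an OU, binddn absent).
SANTI_ORIGINAL = """[ldap]
uri = ldap://serverad01
bindpw = *****pass****
userfilter = (sAMAccountName=%(user)s)
groupbase = OU=IT Standard Accounts,OU=Users,DC=Example,DC=com
groupfilter = (objectClass=group)
grouptype = ActiveDirectoryGroupType
staff = OU=IT Standard Accounts,OU=Users,DC=Example,DC=com
requirecert = false
"""

# Santi's final settings merged into that section; the binddn value is an assumption
# for this example, the thread does not show his bind account.
SANTI_FIXED = """[ldap]
uri = ldap://serverad01
binddn = CN=svc_rattic,OU=Service Accounts,DC=Example,DC=com
bindpw = *****pass****
userfilter = (&(sAMAccountName=%(user)s)(memberOf:1.2.840.113556.1.4.1941:=cn=Rattic Users,ou=Application Groups,ou=Groups,dc=Example,dc=com))
groupbase = ou=Application Groups,ou=Groups,dc=Example,dc=com
groupfilter = (objectClass=group)
grouptype = ActiveDirectoryGroupType
staff = cn=Rattic Users,ou=Application Groups,ou=Groups,dc=Example,dc=com
requirecert = false
"""

# Ugandhar's non-working section from the thread, with an [ldap] header added.
UGANDHAR = """[ldap]
uri = ldap://ip:389
binddn =
bindpw =
userfilter = (&(sAMAccountName=%(user)s)(memberOf:1.2.840.113556.1.4.1941:=cn=Staff,ou=Groups,dc=domain,dc=com))
groupbase = ou=Users,dc=domain,dc=com
groupfilter = (objectClass=groupOfNames)
grouptype = ActiveDirectoryGroupType
staff = cn=Staff,ou=Users,dc=domain,dc=com
requirecert = False
"""

if __name__ == "__main__":
    for name, cfg in (("santi original", SANTI_ORIGINAL), ("santi fixed", SANTI_FIXED), ("ugandhar", UGANDHAR)):
        print(name, check_ldap_section(cfg))
```

Run against the thread's three sections, the first one is flagged for staff being an OU, the third for the memberOf group not matching staff, the empty bind credentials and the groupOfNames filter, and the fixed one only for the cleartext transport settings that all three share.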