Authentication: LDAP Group Support
It would be nice, if a LDAP-User can authentificate through a LDAP-Group.
This is mandatory yes...
I'd love to be able to use the same appliance that windows have access to and that I saw the online demo of.
This is required if Astaro is to be compatible with Apple OD. Why have Apple Kerberos SSO when you can't have groups for different access levels??? More like a bug then a feature request!
This is also the case with Apple's Open Directory. The comment from "Jean-Baptiste FAREZ" does not work as that ldap filter he speaks of only searches user records and does not look at group records. In these LDAP implementations, the group membership is not stored in the user record. It is stored in a separate group container.
HI, recently I was told by astaro support staff, that you have regarding openldap
a) to use the primary group attribute of an user like the posixAccount uidNumber
b) you could add multiple group attributes to the user by overlays or extensibleObject.
Because .... Astaro looks up the group membership in the USER DN .... not in the Group dn *sigh ....
This is the MS AD or Novel eDirectory-way ... The Enterprise-Way . So I was told...
Please Astaro: Look up the membership in the groups DN ...
Informatique DINAC commented
It does not work either with the LDAP object class groupOfNames
Tim Soderstrom commented
The group filter does not appear to work in my case as our setup is similar to Elmo's. Namely we are using OpenLDAP which has separate containers for groups.
Currently this is only possible if the group attributes are part of the user record (e.g. with the attribute gidNumber). If the membership attribute is part of the group record, for example like this:
I don't see any possibility to use this group with the ASG.
Jean-Baptiste FAREZ commented
Actualy this functionality are already implemented, but you need to apply an "ldap filter" .
Menu : Users / Groups / New group
and then use the following settings :
Group type : backend membership
Backend : LDAP
Check an LDAP attibute
Attribute : gidNumber (may change if you use an custom attribute)
Value : 1000 (as same may change for the group you want)
If you have any question tell me to firstname.lastname@example.org
I it major requirement...