Authentication: LDAP Group Support
It would be nice if an LDAP user could authenticate through an LDAP group.
9 comments
-
Anonymous
commented
I'd love to be able to use the same appliance that windows have access to and that I saw the online demo of.
-
rob
commented
This is required if Astaro is to be compatible with Apple OD. Why have Apple Kerberos SSO when you can't have groups for different access levels??? More like a bug than a feature request!
-
Scott
commented
This is also the case with Apple's Open Directory. The comment from "Jean-Baptiste FAREZ" does not work as that ldap filter he speaks of only searches user records and does not look at group records. In these LDAP implementations, the group membership is not stored in the user record. It is stored in a separate group container.
-
G.Reinicke
commented
Hi, recently I was told by Astaro support staff that, regarding OpenLDAP, you have
a) to use the primary group attribute of a user like the posixAccount uidNumber
or
b) you could add multiple group attributes to the user by overlays or extensibleObject.
Because .... Astaro looks up the group membership in the USER DN .... not in the Group DN *sigh ....
This is the MS AD or Novell eDirectory way ... The Enterprise way. So I was told...
Please Astaro: Look up the membership in the groups DN ...
-
Informatique DINAC
commented
It does not work either with the LDAP object class groupOfNames
dn: cn=admins,ou=groups,dc=example,dc=com
cn: admins
member: cn=admin1,ou=users,dc=example,dc=com
member: cn=admin2,ou=users,dc=example,dc=com
member: cn=admin3,ou=users,dc=example,dc=com
....
-
Tim Soderstrom
commented
+1
The group filter does not appear to work in my case as our setup is similar to Elmo's. Namely we are using OpenLDAP which has separate containers for groups.
-
Elmo
commented
Currently this is only possible if the group attributes are part of the user record (e.g. with the attribute gidNumber). If the membership attribute is part of the group record, for example like this:
dn: cn=admins,ou=groups,dc=example,dc=com
cn: admins
description: Administratoren
gidNumber: 1001
structuralObjectClass: posixGroup
creatorsName: cn=admin,dc=example,dc=com
objectClass: top
objectClass: posixGroup
memberUid: john.doe
memberUid: clark.stevens
I don't see any possibility to use this group with the ASG.
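The difference the comments describe, between checking an attribute on the user record and looking the user up in the group records, as an added example that is not part of the thread and not Astaro's code. The entries are constructed from the LDIF quoted in the comments (the group name ldapadmins, the uid=john.doe user DN and the users' gidNumber 1000 are assumptions), and the matching runs in memory rather than against a live directory.

```python
# Added example: user-side attribute check vs. group-side membership lookup.
# All entries are constructed sample data modelled on the LDIF in the thread.
BASE = "ou=users,dc=example,dc=com"
USERS = {
    "uid=john.doe," + BASE: {"uid": ["john.doe"], "gidNumber": ["1000"]},
    "cn=admin1," + BASE: {"cn": ["admin1"], "gidNumber": ["1000"]},
}
GROUPS = [
    {"cn": ["admins"], "objectClass": ["top", "posixGroup"],
     "gidNumber": ["1001"], "memberUid": ["john.doe", "clark.stevens"]},
    {"cn": ["ldapadmins"], "objectClass": ["groupOfNames"],
     "member": ["cn=admin1," + BASE, "cn=admin2," + BASE]},
]


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_search_filter(uid, user_dn):
    """Filter to run under the groups container; covers both group styles."""
    return ("(|(&(objectClass=posixGroup)(memberUid=%s))"
            "(&(objectClass=groupOfNames)(member=%s)))"
            % (escape_filter_value(uid), escape_filter_value(user_dn)))


def user_side_match(user_entry, attribute, value):
    """Check an attribute on the user record, as the group setting in the thread does."""
    return value in user_entry.get(attribute, [])


def group_side_memberships(groups, uid, user_dn):
    """In-memory stand-in for the search above: names of groups listing the user."""
    dn = user_dn.lower()  # simplification: DNs compared case-insensitively only
    found = []
    for group in groups:
        classes = [c.lower() for c in group.get("objectClass", [])]
        by_uid = "posixgroup" in classes and uid in group.get("memberUid", [])
        by_dn = "groupofnames" in classes and dn in (
            m.lower() for m in group.get("member", []))
        if by_uid or by_dn:
            found.append(group["cn"][0])
    return found


if __name__ == "__main__":
    john = "uid=john.doe," + BASE
    print(user_side_match(USERS[john], "gidNumber", "1001"))
    print(group_side_memberships(GROUPS, "john.doe", john))
    print(group_search_filter("john.doe", john))
```

The user-side check on gidNumber 1001 misses john.doe even though the admins group record lists him, which is the gap the comments report; the escaping keeps a login name containing filter metacharacters from altering the group search.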
-
Jean-Baptiste FAREZ
commented
Actually this functionality is already implemented, but you need to apply an "ldap filter".
Menu : Users / Groups / New group
and then use the following settings :
Group type : backend membership
Backend : LDAP
Check an LDAP attribute
Attribute : gidNumber (may change if you use a custom attribute)
Value : 1000 (likewise may change for the group you want)
That's all.
If you have any questions, write to me at jbfarez@gmail.com
-
satish
commented
It is a major requirement...