Support for group parameter with Active Directory Authentication
|Assignee:||Javi Fontan|
|Category:||Drivers - Auth|
|Target version:||Release 4.6|
|Affected Versions:||OpenNebula 4.4|
This patch makes the group option in ldap_auth.conf work with Active Directory servers.
#2 Updated by Javi Fontan about 6 years ago
The proposed change will make the LDAP configuration parameter user_group_field unusable. The driver was tested with Active Directory and groups seem to work. The values used in the tested configuration:
server 1:
    :user: 'some_user@OPENNEBULA.ORG'
    :password: 'the_password'
    :auth_method: :simple
    :host: localhost
    :port: 389
    :base: 'dc=opennebula,dc=org'
    # Make sure you use the full DN of the group
    :group: 'CN=Administrators,CN=Builtin,DC=opennebula,DC=org'
    :user_field: 'sAMAccountName'
    :group_field: 'member'

:order:
    - server 1
The driver does not recursively search for the groups a user belongs to so they should be directly in that group, not in a group that belongs to that group.
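
The difference between the direct group check described in the comment above and a nested lookup, as an added Ruby example that is not OpenNebula driver code. It assumes an in-memory hash in place of the LDAP server; the DNs for alice, bob and "Cloud Admins" and all function names are constructed for illustration.

```ruby
require 'set'

ADMINS = 'CN=Administrators,CN=Builtin,DC=opennebula,DC=org'
NESTED = 'CN=Cloud Admins,CN=Users,DC=opennebula,DC=org'  # hypothetical group
ALICE  = 'CN=alice,CN=Users,DC=opennebula,DC=org'         # hypothetical user
BOB    = 'CN=bob,CN=Users,DC=opennebula,DC=org'           # hypothetical user

# Constructed sample directory (group DN => attributes), not real data.
# NESTED points back at ADMINS to show that nesting loops must be handled.
DIRECTORY = {
  ADMINS => { 'member' => [ALICE, NESTED] },
  NESTED => { 'member' => [BOB, ADMINS] }
}.freeze

# Simplification: DNs are compared case-insensitively, with no further
# normalisation of whitespace or escaping.
def same_dn?(a, b)
  a.casecmp?(b)
end

# Values of the configured :group_field for one group entry.
def members_of(group_dn, group_field)
  entry = DIRECTORY.find { |dn, _attrs| same_dn?(dn, group_dn) }
  entry ? Array(entry[1][group_field]) : []
end

# Direct check: the user DN must be listed in the group's own member
# attribute (assumed to model the non-recursive behaviour described above).
def direct_member?(user_dn, group_dn, group_field = 'member')
  members_of(group_dn, group_field).any? { |m| same_dn?(m, user_dn) }
end

# Nested check: breadth-first walk through member groups. The visited set
# stops the walk when groups contain each other.
def nested_member?(user_dn, group_dn, group_field = 'member')
  seen = Set.new
  queue = [group_dn]
  until queue.empty?
    current = queue.shift
    next unless seen.add?(current.downcase)
    members = members_of(current, group_field)
    return true if members.any? { |m| same_dn?(m, user_dn) }
    queue.concat(members)
  end
  false
end
```

With this data, bob passes only the nested check, so under a direct-only check he would be refused until he is added to the configured group itself.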