Details
Add New Device / OS
Resolution: Unresolved
Minor
Description
I am running a FreeIPA LDAP server and it's working fine so far, but when I add a nested group it doesn't work and doesn't authenticate users.
My LDAP attributes:
# observium, groups, accounts, foo.com
dn: cn=observium,cn=groups,cn=accounts,dc=foo,dc=com
member: uid=user1,cn=users,cn=accounts,dc=foo,dc=com
member: cn=network-noc,cn=groups,cn=accounts,dc=foo,dc=com
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
cn: observium
description: Observium Users
ipaUniqueID: b20c9d9c-0b47-11ea-936d-000c2905d332
gidNumber: 26505
user1 is an individual user who is able to authenticate successfully.
network-noc is a group with multiple users, who failed to log in.
My config.php:
$config['auth_mechanism'] = "ldap";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap.foo.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_suffix'] = ",cn=users,cn=accounts,dc=foo,dc=com";
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = 'member';
$config['auth_ldap_recursive'] = TRUE;
$config['auth_ldap_group'] = array("cn=observium,cn=groups,cn=accounts,dc=foo,dc=com");
$config['auth_ldap_groupbase'] = "cn=groups,cn=accounts,dc=foo,dc=com";
$config['auth_ldap_groups']['observium-admin']['level'] = 10;
$config['auth_ldap_groups']['observium']['level'] = 7;
What am I missing? Why is the nested group not working?
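
Added illustration, not part of the original report and not Observium's code: what a recursive check over full-DN `member` values has to do for the group layout above, namely descend into members that are themselves groups, compare DNs case-insensitively, and stop on membership loops. The members of `network-noc`, the users `user2`/`user3`, the loop back to `observium` and the `max_depth` limit are constructed assumptions.

```python
# Constructed directory snapshot: group DN -> its `member` values (full DNs).
# The observium entry mirrors the report; everything under network-noc is made up.
BASE = "cn=accounts,dc=foo,dc=com"
GROUP_BASE = "cn=groups," + BASE
USER_SUFFIX = ",cn=users," + BASE

DIRECTORY = {
    "cn=observium," + GROUP_BASE: [
        "uid=user1" + USER_SUFFIX,
        "cn=network-noc," + GROUP_BASE,
    ],
    "cn=network-noc," + GROUP_BASE: [
        "uid=user2" + USER_SUFFIX,
        "uid=user3" + USER_SUFFIX,
        "cn=observium," + GROUP_BASE,  # deliberate loop back to the parent
    ],
}


def norm(dn):
    """Lower-case a DN and drop spaces around commas so string comparison is safe.
    Simplification: does not handle escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_member(user_dn, group_dn, directory=DIRECTORY, max_depth=8):
    """Return the chain of groups that grants membership, or None if there is none."""
    index = {norm(g): [norm(m) for m in ms] for g, ms in directory.items()}
    target = norm(user_dn)
    seen = set()
    stack = [(norm(group_dn), [norm(group_dn)])]
    while stack:
        group, path = stack.pop()
        if group in seen or len(path) > max_depth:
            continue  # already visited (loop) or nesting deeper than allowed
        seen.add(group)
        for member in index.get(group, []):
            if member == target:
                return path
            # Stand-in for an LDAP lookup of the member's objectClass:
            # here a member counts as a group if it has its own entry in the snapshot.
            if member in index:
                stack.append((member, path + [member]))
    return None


if __name__ == "__main__":
    for uid in ("user1", "user2", "nobody"):
        print(uid, is_member("uid=" + uid + USER_SUFFIX, "cn=observium," + GROUP_BASE))
```

The returned chain shows which group granted access, which is worth logging when nested groups decide a user's privilege level.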