Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 2059 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ldap user

GuiGeek
Hi,
I connect my UTM Sophos to a LDAP server .
My users from LDAP worked perflectly . But when users expired they keep working on the UTM .
The UTM would'not check the attribute shadowExpire ...
Someone knows why ?
Thanks for all,
Best regards,
Guillaume Roche
Prefered Partner


This thread was automatically locked due to age.
  • 0
    Hi, please state the Astaro version #, and the LDAP server software and version.

    Barry
  • 0 in reply to BarryG
    Hi,
    the version of the UTM Sophos is : 9.004-34

    The Ldap is OpenLDAP 2.4.28 .

    Thanks for all,
    Best regards,
  • 0
    Salut Guillaume !

    Unfortunately, if you sync a user to the UTM/ASG, the UTM/ASG user object is not automatically disabled when the original corresponding user is deleted or turned off in AD/LDAP.  I believe there's a Feature request for that.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi,
    finally when the user is deleted from the ldap server, the user is desactivated, i can't login to the astaro portal or on the web proxy .
    But it's not deleted of the UTM, the user is already here . 
    Best regards,
    Guillaume Roche
  • 0
    That's right.  The good news is that the synced user in the ASG/UTM cannot be authenticated unless the account is present and enabled in Active Directory.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    But with the openldap even if the user is expired we can use it to UTM/ASG ... [:(]
    Apparently, the UTM/ASG don't check the attribute shadowExpire. 
    With the AD it would not be the same attribute ... too bad ...
Cookie Information Banner