This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LDAP and End User Portal

I've got my ASG 7.104 set up to do back-end authentication to an Apple Open Directory LDAP server, and its working fine for Web proxy stuff. I'm trying to use it for SSL-VPN as well, but I can't even get the end user portal to admit people who are in the same group as is working for proxy. The user group is added to the allow list for the end user portal.

The users have successfully authenticated to the proxy, and when the user tries to log-in to the end user portal, the Open Directory server sees the request and authorizes the password, but the astaro denies entry to the portal. Ideas?

This thread was automatically locked due to age.

Parents

0 lkar over 17 years ago

Did you set up the option to automatically create users under Users --> authentication ?
Cancel
Vote Up 0 Vote Down

Cancel
0 ecallis over 17 years ago in reply to lkar

but I know under eDirectory you don't need to do that. Is it different for LDAP?
Cancel
Vote Up 0 Vote Down

Cancel
0 lkar over 17 years ago in reply to ecallis

In order for end user portal to work, a user account is needed to be present, for the accessing user, in astaro users' database. In order to sync between eDirectory and Astaro users database, you need to enable the setting I mentioned in my previous post.
Cancel
Vote Up 0 Vote Down

Cancel
0 Brainscanner over 17 years ago in reply to lkar

In order for end user portal to work, a user account is needed to be present, for the accessing user, in astaro users' database. In order to sync between eDirectory and Astaro users database, you need to enable the setting I mentioned in my previous post.

That was a good hint! Now at least LDAP works in my case. Unfortunately the option "Create users automatically" didn't work for me. But if the user had been previously been created manually as remote auth user one could log in.

As I see it, the remote auth schemes, especially Active Directory is a big issue with Astaro... maybe the upcoming updates could focus on that.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Brainscanner over 17 years ago in reply to lkar

In order for end user portal to work, a user account is needed to be present, for the accessing user, in astaro users' database. In order to sync between eDirectory and Astaro users database, you need to enable the setting I mentioned in my previous post.

That was a good hint! Now at least LDAP works in my case. Unfortunately the option "Create users automatically" didn't work for me. But if the user had been previously been created manually as remote auth user one could log in.

As I see it, the remote auth schemes, especially Active Directory is a big issue with Astaro... maybe the upcoming updates could focus on that.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 lkar over 17 years ago in reply to Brainscanner

In my case the "create users automatically" setting is working. The difference between us is that I use AD for Web Proxy Authentication only. For the rest I am using Radius through Microsoft IAS service.
Cancel
Vote Up 0 Vote Down

Cancel
0 Brainscanner over 17 years ago in reply to lkar

Hm, that was a mistake, I ment Radius when I wrote LDAP. But I think that shouldn't make a difference, should it? So, create automatically should work with either of them...
Cancel
Vote Up 0 Vote Down

Cancel
0 lkar over 17 years ago in reply to Brainscanner

Yes, it works for both of them. The only exception is the Active Directory. One reason that the automatic user creation may fail, is when you have a previously created user with the same email address with the user you are trying to sync to.
Cancel
Vote Up 0 Vote Down

Cancel