Hi all,
We are trying to get LDAP (OpenLDAP) authentication working and integrate it with the HTTP proxy.
We have a simple LDAP structure (only for testing purposes for now) like this:
dc=test,dc=local
|
|--- ou=groups
|      |---- green (member: frank)
|      |---- red (member: bob, peter)
|
|--- ou=users
       |----- bob
       |----- frank
       |----- peter
When we test the authentication (for example, with user 'frank'), ASG replies that this user is a member of the group 'green'.
OK...
Then we also try with bob or peter, but ASG always replies that the group membership is 'green'.. WHY??
I see in the logs of our OpenLDAP server that the search string passed by ASG is something like this:
SRCH base="ou=users,dc=test,dc=local" scope=2 deref=0 filter="(&(objectClass=*)(cn=bob))"
and
SRCH attr=mail email emailAddress ?!?!
I think this is wrong because with this search filter it is not possible to determine which group a user belongs to...
The search string should be something like this:
filter="(&(objectClass=groupOfNames)(member=cn=bob,ou=...,dc=...))"
Some info that I forgot:
We are using ASG 7.502
(Is OpenLDAP supported by Astaro now, or are the programmers still working on it??)
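
The two searches discussed in the post above, run against a constructed in-memory copy of the test tree. This is an added example, not part of the original post and not Astaro's code. The full user DN (cn=<name>,ou=users,dc=test,dc=local), the inetOrgPerson object class, and the tiny filter evaluator are assumptions made for illustration.

```python
import re

BASE = "dc=test,dc=local"

def user_dn(cn):
    # Assumed DN layout; the post elides the full member DN.
    return f"cn={cn},ou=users,{BASE}"

# Constructed sample directory mirroring the tree in the post.
DIRECTORY = {user_dn(u): {"objectClass": ["inetOrgPerson"], "cn": [u]}
             for u in ("bob", "frank", "peter")}
DIRECTORY[f"cn=green,ou=groups,{BASE}"] = {
    "objectClass": ["groupOfNames"], "cn": ["green"], "member": [user_dn("frank")]}
DIRECTORY[f"cn=red,ou=groups,{BASE}"] = {
    "objectClass": ["groupOfNames"], "cn": ["red"],
    "member": [user_dn("bob"), user_dn("peter")]}

def escape_filter_value(value):
    """RFC 4515 escaping so a name or DN cannot change the filter's structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(base, flt):
    """Subtree search supporting only an AND of equality/presence terms."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", flt)
    def matches(attrs):
        for attr, raw in terms:
            values = [v.lower() for v in attrs.get(attr, [])]
            if raw == "*":
                if not values:
                    return False
            elif unescape(raw).lower() not in values:
                return False
        return True
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower()) and matches(attrs)]

def user_lookup(cn):
    # The filter seen in the OpenLDAP log: finds the user entry only.
    return search(f"ou=users,{BASE}", f"(&(objectClass=*)(cn={escape_filter_value(cn)}))")

def groups_of(cn):
    # The filter the post proposes: match groupOfNames entries by member DN.
    flt = f"(&(objectClass=groupOfNames)(member={escape_filter_value(user_dn(cn))}))"
    return sorted(DIRECTORY[dn]["cn"][0] for dn in search(f"ou=groups,{BASE}", flt))

if __name__ == "__main__":
    for name in ("bob", "frank", "peter"):
        print(name, user_lookup(name), groups_of(name))
```

The user lookup returns only the user's own entry, which carries no membership attribute in this layout, while the groupOfNames search returns the group that lists the user's DN as a member.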