    Inedo Community Forums

    Latest posts made by sirko_6724

    • RE: Open LDAP and group based permissions

      Hi Rich,

      thanks for the additional pointers. We will look into it some more and report back next week at the earliest due to some other priorities this week.

      Best regards,
      Sirko

      posted in Support
      sirko_6724
    • RE: Open LDAP and group based permissions

      Hi Dan,

      thank you for your feedback. Changes to our LDAP server are not an option I'm afraid. It serves hundreds of applications without similar integration problems where user and group relations are understood correctly. To either run two different LDAP configs in parallel or to make sure all applications work flawlessly with a single adjusted config is currently out of scope for us.

      I was hoping that ProGet side LDAP settings could be tuned to understand our generic LDAP.

      I will update this post later with our decision on how to proceed.

      Thank you again and best regards
      Sirko

      posted in Support
      sirko_6724
    • RE: Open LDAP and group based permissions

      Hi Dan,

      thank you for your reply. Allow me to share more details below.
      They may help to tune the LDAP settings on ProGet side.

      Dummy user LDAP attributes from our LDAP server:

      dn: cn=service_accounts,ou=Departments,dc=innogames,dc=net
      objectClass: top
      objectClass: igDepartment
      cn: service_accounts
      description: Service Accounts maintained by System Administration
      
      dn: uid=proget-testuser,ou=People,dc=innogames,dc=net
      uid: proget-testuser
      mail: proget-testuser.it@innogames.fail
      sn: tokentest
      givenName: proget
      cn: proget testuser
      birthDate: 1970-01-01
      gidNumber: 31279
      uidNumber: 31279
      homeDirectory: /home/proget-testuser
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      objectClass: evolutionPerson
      objectClass: uidObject
      objectClass: igPerson
      objectClass: posixAccount
      igMemberOf: cn=service_accounts,ou=Departments,dc=innogames,dc=net # this is the relation attribute
      mailVerified: TRUE
      userPassword:: *SECRET*
      

      Current LDAP settings in ProGet:

      LDAP Connection Type: OpenLDAP/Generic LDAP
      Host: login.innogames.de
      Bind DN: cn=proget-test,ou=Applications,dc=innogames,dc=net
      Bind Password: ***
      User Search Base: dc=innogames,dc=net
      Users: (&(uid=%s)(igMemberOf=cn=proget-test,ou=Applications,dc=innogames,dc=net))
      List User's Groups: (&(objectClass=igDepartment)(member=%s))
      Group Search Base: ou=Departments,dc=innogames,dc=net
      Groups: (&(cn=%s)(objectClass=igDepartment))
      List Group's Members: (&(objectClass=inetOrgPerson)(igMemberOf=%s))
      User name Property Value: uid
      Display Name Value: displayName
      Email Property Value: mail
      Group Name Property Value: cn
      

      Screenshots to illustrate the missing user-group relation:

      look up user.png
      look up group.png

      Thank you again and best regards,
      Sirko

      posted in Support
      sirko_6724
    • Open LDAP and group based permissions

      We are evaluating ProGet and have some trouble with the ProGet Open LDAP configuration.

      It recognizes users and groups but not user and group relation. Therefore, mapping LDAP groups to permissions does not grant those permissions. It seems ProGet does not look for users in groups but for groups with users. This is the opposite of how our LDAP ID provider operates.
      Would you be able to help with troubleshooting this? We are currently and LDAP integrations would be essential.

      Thank you in advance and best regards,
      Sirko

      posted in Support
      sirko_6724
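
Added example (not part of the original posts and not ProGet's code): a Python check that replays the posted "List User's Groups" and "List Group's Members" filters against the two entries from the posted LDIF, showing why a group lookup keyed on a `member` attribute returns nothing when the relation is stored only on the user as `igMemberOf`. The `search` helper is hypothetical and handles only the AND-of-equality filter shape used in the settings; what ProGet substitutes for `%s` is an assumption, and the outcome is the same for the user's DN or uid.

```python
import re

# Entries copied from the LDIF in the post, trimmed to the attributes the
# filters touch. The group entry carries no `member` attribute.
GROUP_DN = "cn=service_accounts,ou=Departments,dc=innogames,dc=net"
USER_DN = "uid=proget-testuser,ou=People,dc=innogames,dc=net"
ENTRIES = {
    GROUP_DN: {"objectClass": ["top", "igDepartment"], "cn": ["service_accounts"]},
    USER_DN: {
        "objectClass": ["top", "person", "inetOrgPerson", "igPerson"],
        "uid": ["proget-testuser"],
        "igMemberOf": [GROUP_DN],
    },
}

# Filters exactly as posted in the ProGet settings.
LIST_USERS_GROUPS = "(&(objectClass=igDepartment)(member=%s))"
LIST_GROUPS_MEMBERS = "(&(objectClass=inetOrgPerson)(igMemberOf=%s))"


def search(filter_template, value):
    """Return DNs matching an (&(attr=value)...) filter after %s substitution.

    Hypothetical helper: supports only AND-of-equality filters and compares
    attribute names and values case-insensitively.
    """
    flt = filter_template.replace("%s", value)
    clauses = re.findall(r"\(([^()=&|!]+)=([^()]*)\)", flt)
    hits = []
    for dn, attrs in ENTRIES.items():
        lowered = {k.lower(): [v.lower() for v in vs] for k, vs in attrs.items()}
        if all(v.lower() in lowered.get(a.lower(), []) for a, v in clauses):
            hits.append(dn)
    return hits


def groups_via_user_attribute(user_dn):
    """Resolve groups from the user's own igMemberOf values (reverse lookup)."""
    return [g for g in ENTRIES[user_dn].get("igMemberOf", []) if g in ENTRIES]


if __name__ == "__main__":
    print("group-side filter :", search(LIST_USERS_GROUPS, USER_DN))
    print("user-side lookup  :", groups_via_user_attribute(USER_DN))
    print("group members     :", search(LIST_GROUPS_MEMBERS, GROUP_DN))
```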