Hi Rich,
thanks for the additional pointers. We will look into it some more and report back next week at the earliest due to some other priorities this week.
Best regards,
Sirko
Hi Dan,
thank you for your feedback. Changes to our LDAP server are not an option I'm afraid. It serves hundreds of applications without similar integration problems where user and group relations are understood correctly. To either run two different LDAP configs in parallel or to make sure all applications work flawlessly with a single adjusted config is currently out of scope for us.
I was hoping that ProGet side LDAP settings could be tuned to understand our generic LDAP.
I will update this post later with our decision on how to proceed.
Thank you again and best regards
Sirko
Hi Dan,
thank you for your reply. Allow me to share more details below.
They may help to tune the LDAP settings on ProGet side.
Dummy user LDAP attributes from our LDAP server:
dn: cn=service_accounts,ou=Departments,dc=innogames,dc=net
objectClass: top
objectClass: igDepartment
cn: service_accounts
description: Service Accounts maintained by System Administration

dn: uid=proget-testuser,ou=People,dc=innogames,dc=net
uid: proget-testuser
mail: proget-testuser.it@innogames.fail
sn: tokentest
givenName: proget
cn: proget testuser
birthDate: 1970-01-01
gidNumber: 31279
uidNumber: 31279
homeDirectory: /home/proget-testuser
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: evolutionPerson
objectClass: uidObject
objectClass: igPerson
objectClass: posixAccount
igMemberOf: cn=service_accounts,ou=Departments,dc=innogames,dc=net # this is the relation attribute
mailVerified: TRUE
userPassword:: *SECRET*

Current LDAP settings in ProGet:
LDAP Connection Type: OpenLDAP/Generic LDAP
Host: login.innogames.de
Bind DN: cn=proget-test,ou=Applications,dc=innogames,dc=net
Bind Password: ***
User Search Base: dc=innogames,dc=net
Users: (&(uid=%s)(igMemberOf=cn=proget-test,ou=Applications,dc=innogames,dc=net))
List User's Groups: (&(objectClass=igDepartment)(member=%s))
Group Search Base: ou=Departments,dc=innogames,dc=net
Groups: (&(cn=%s)(objectClass=igDepartment))
List Group's Members: (&(objectClass=inetOrgPerson)(igMemberOf=%s))
User name Property Value: uid
Display Name Value: displayName
Email Property Value: mail
Group Name Property Value: cn
Screenshots to illustrate the missing user-group relation:


Thank you again and best regards,
Sirko
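Added example, not part of the original post and not ProGet's code: a small in-memory evaluation of the filters quoted above against the two entries from the LDIF, showing that the group-side "List User's Groups" filter finds nothing because the igDepartment entry carries no member attribute, while reading igMemberOf from the user entry resolves the group. It assumes %s is replaced with the user's DN and supports only AND/equality filters; the function names are hypothetical.

```python
import re

# Entries constructed from the LDIF in the post above, trimmed to the relevant attributes.
GROUP_DN = "cn=service_accounts,ou=Departments,dc=innogames,dc=net"
USER_DN = "uid=proget-testuser,ou=People,dc=innogames,dc=net"
DIRECTORY = {
    GROUP_DN: {"objectClass": ["top", "igDepartment"], "cn": ["service_accounts"]},
    USER_DN: {
        "objectClass": ["top", "person", "inetOrgPerson", "igPerson"],
        "uid": ["proget-testuser"],
        "igMemberOf": [GROUP_DN],  # membership is stored on the user entry
    },
}

def parse_and_filter(flt):
    """Parse '(&(a=b)(c=d))' or '(a=b)' into [(attr, value), ...]."""
    flt = flt.strip()
    if flt.startswith("(&") and flt.endswith(")"):
        flt = flt[2:-1]
    terms = re.findall(r"\(([^=()]+)=([^()]*)\)", flt)
    if not terms:
        raise ValueError("unsupported filter: " + flt)
    return terms

def search(base, flt):
    """Return DNs under base whose attributes satisfy every equality term."""
    terms = parse_and_filter(flt)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith(base.lower()):
            continue
        lowered = {k.lower(): [v.lower() for v in vs] for k, vs in attrs.items()}
        if all(val.lower() in lowered.get(attr.lower(), []) for attr, val in terms):
            hits.append(dn)
    return hits

def groups_via_group_side(user_dn):
    # The "List User's Groups" filter from the post; assumption: %s becomes the user DN.
    return search("ou=Departments,dc=innogames,dc=net",
                  "(&(objectClass=igDepartment)(member=%s))" % user_dn)

def groups_via_user_side(user_dn):
    # Read igMemberOf from the user entry and keep values that are igDepartment entries.
    values = DIRECTORY[user_dn].get("igMemberOf", [])
    return [dn for dn in values
            if "igDepartment" in DIRECTORY.get(dn, {}).get("objectClass", [])]

if __name__ == "__main__":
    print("group-side:", groups_via_group_side(USER_DN))
    print("user-side: ", groups_via_user_side(USER_DN))
```

The "List Group's Members" filter from the post does match in this model, since it queries igMemberOf on user entries rather than an attribute on the group.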
We are evaluating ProGet and have some trouble with the ProGet Open LDAP configuration.
It recognizes users and groups but not user and group relation. Therefore, mapping LDAP groups to permissions does not grant those permissions. It seems ProGet does not look for users in groups but for groups with users. This is the opposite from how our LDAP ID provider operates.
Would you be able to help with troubleshooting this? We are currently and LDAP integrations would be essential.
Thank you in advance and best regards,
Sirko