<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">How do I get dex to pull down groups for a user? Our company uses Active Directory for ldap, whch I am able to authenticate a user against ok, but I never see any group info in the logs, which we need for tying RBAC to...<br>
<br>
2019-08-01T16:41:02.971260002-04:00 stderr F time="2019-08-01T20:41:02Z" level=info msg="performing ldap search OU=NGIC,DC=NGIC,DC=COM sub (&(objectClass=person)(sAMAccountName=i807154))"<br>
2019-08-01T16:41:02.991102943-04:00 stderr F time="2019-08-01T20:41:02Z" level=info msg="username \"i807154\" mapped to entry CN=Donaldson\, Ian,OU=Permanent,OU=Users,OU=Winston-Salem,OU=Sites,OU=NGIC,DC=NGIC,DC=COM"<br>
2019-08-01T16:41:03.026028235-04:00 stderr F time="2019-08-01T20:41:03Z" level=info msg="login successful: connector \"AD\", username=\"Donaldson, Ian\", email=\"<a href="mailto:Ian.Donaldson@NGIC.COM">Ian.Donaldson@NGIC.COM</a>\", groups=[]"<br>
[CL test] root@plctapconwc001:/var/log/containers #<br>
<br>
Here is my config:<br>
# This is a sample with LDAP as connector.<br>
# Requires a update to fulfill your environment.<br>
connectors:<br>
- type: ldap<br>
id: AD<br>
name: AD<br>
config:<br>
host: <a href="http://adldap.ngic.com:389">adldap.ngic.com:389</a><br>
insecureNoSSL: true<br>
insecureSkipVerify: true<br>
startTLS: true<br>
bindDN: "CN=my bind account"<br>
bindPW: 'password'<br>
usernamePrompt: User Name<br>
userSearch:<br>
baseDN: OU=NGIC,DC=NGIC,DC=COM<br>
filter: "(objectClass=person)"<br>
username: sAMAccountName<br>
#idAttr: DN<br>
#emailAttr: sAMAccountName<br>
#nameAttr: cn<br>
idAttr: DN<br>
emailAttr: mail<br>
nameAttr: cn<br>
groupSearch:<br>
baseDN: OU=NGIC,DC=NGIC,DC=COM<br>
filter: "(objectClass=group)"<br>
#userAttr: distinguishedName<br>
#groupAttr: member<br>
#nameAttr: sAMAccountName<br>
# username: userPrincipalName<br>
userAttr: DN<br>
groupAttr: member<br>
nameAttr: cn<br>
<br>
----------------------------------------------------------------------<br>
Note: Please be aware that unencrypted electronic mail is not secure. For this reason, please do not send any sensitive personal information such
<br>
as your address, driver license, policy number, Social Security Number, or claims information by unencrypted electronic mail. The information
<br>
contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient,
<br>
or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution
<br>
or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying
<br>
to the message and deleting it from your computer. Thank you.<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<HR>Note: Please be aware that unencrypted electronic mail is not secure. For this reason, please do not send any sensitive personal information such <BR>
as your address, driver license, policy number, Social Security Number, or claims information by unencrypted electronic mail. The information <BR>
contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, <BR>
or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution <BR>
or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying <BR>
to the message and deleting it from your computer. Thank you.<BR>
</body>
</html>