[caasp-beta] Dex AD group membership not showing
Donaldson, Ian
Ian.Donaldson at NGIC.COM
Tue Aug 6 09:58:10 MDT 2019
How do I get dex to pull down groups for a user? Our company uses Active Directory for ldap, which I am able to authenticate a user against ok, but I never see any group info in the logs, which we need for tying RBAC to...
2019-08-01T16:41:02.971260002-04:00 stderr F time="2019-08-01T20:41:02Z" level=info msg="performing ldap search OU=NGIC,DC=NGIC,DC=COM sub (&(objectClass=person)(sAMAccountName=i807154))"
2019-08-01T16:41:02.991102943-04:00 stderr F time="2019-08-01T20:41:02Z" level=info msg="username \"i807154\" mapped to entry CN=Donaldson\, Ian,OU=Permanent,OU=Users,OU=Winston-Salem,OU=Sites,OU=NGIC,DC=NGIC,DC=COM"
2019-08-01T16:41:03.026028235-04:00 stderr F time="2019-08-01T20:41:03Z" level=info msg="login successful: connector \"AD\", username=\"Donaldson, Ian\", email=\"Ian.Donaldson at NGIC.COM\", groups=[]"
[CL test] root at plctapconwc001:/var/log/containers #
Here is my config:
# This is a sample with LDAP as connector.
# Requires an update to fulfill your environment.
connectors:
- type: ldap
  id: AD
  name: AD
  config:
    host: adldap.ngic.com:389
    insecureNoSSL: true
    insecureSkipVerify: true
    startTLS: true
    bindDN: "CN=my bind account"
    bindPW: 'password'
    usernamePrompt: User Name
    userSearch:
      baseDN: OU=NGIC,DC=NGIC,DC=COM
      filter: "(objectClass=person)"
      username: sAMAccountName
      #idAttr: DN
      #emailAttr: sAMAccountName
      #nameAttr: cn
      idAttr: DN
      emailAttr: mail
      nameAttr: cn
    groupSearch:
      baseDN: OU=NGIC,DC=NGIC,DC=COM
      filter: "(objectClass=group)"
      #userAttr: distinguishedName
      #groupAttr: member
      #nameAttr: sAMAccountName
      # username: userPrincipalName
      userAttr: DN
      groupAttr: member
      nameAttr: cn
----------------------------------------------------------------------
Note: Please be aware that unencrypted electronic mail is not secure. For this reason, please do not send any sensitive personal information such
as your address, driver license, policy number, Social Security Number, or claims information by unencrypted electronic mail. The information
contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient,
or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution
or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying
to the message and deleting it from your computer. Thank you.
----------------------------------------------------------------------