Hi, just trying to use LDAP for authentication and having a problem getting access to environments by LDAP groups. Sorry if I’m being stupid but this is really hard to debug as it just ‘doesn’t work’ and I know our LDAP is configured a little oddly.
We use 389DS but I’m using the LDAP config as it’s not very like AD. I have users under ou=People,dc=pibenchmark,dc=com and groups under ou=Groups,dc=pibenchmark,dc=com.
OpenLDAP config is:
Server: ldap.p-i.net:389
TLS: No
Service Account: cn=Directory Manager
Search Base: dc=pibenchmark,dc=com
Users
Object Class: inetOrgPerson
Login Field: uid
Name Field: cn
Search Field: uid
Status Field:
Disabled BitMask: 0
Group
Object Class: groupofuniquenames
Name Field: cn
Search Field: cn
Group Member User Attribute: dn
Group Member Mapping Attribute: uniqueMember
Group DN field: cn
Users can now log in using LDAP credentials. I can find and attach the group cn=rancher-test to my test environment ok. However the user I’m testing doesn’t have access to the test environment even though he’s in the rancher-test group. Is there something simple I’m missing?
User:
dn=uid-timmy.test,ou=People,dc=pibenchmark,dc=com
uid=timmy.test
cn=timmy.test
objectClass=inetOrgPerson
Group:
dn=cn=rancher-test,ou=Groups,dc=pibenchmark,dc=com
cn=rancher-test
objectClass=groupOfUniqueNames
uniqueMember=uid=timmy.test,ou=People,dc=pibenchmark,dc=com
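
An offline way to check the group mapping described in this post, added here as an example and not part of the original post or Rancher's own code: it applies the posted Group settings to the posted entries and builds the search filter a client could send. How Rancher evaluates these settings internally is an assumption, and the DN comparison is simplified (case-insensitive, whitespace-trimmed, no handling of escaped characters beyond `\,`).

```python
import re

# Settings copied from the post's Group section.
GROUP_OBJECT_CLASS = "groupofuniquenames"
USER_ATTR = "dn"               # Group Member User Attribute
MAPPING_ATTR = "uniqueMember"  # Group Member Mapping Attribute

def normalize_dn(dn):
    """Return a lower-cased tuple of (attr, value) RDNs, or None if any RDN lacks '='."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            return None
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def membership_filter(user_value):
    """RFC 4515 filter a client could send to find groups listing user_value."""
    escaped = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), user_value)
    return "(&(objectClass=%s)(%s=%s))" % (GROUP_OBJECT_CLASS, MAPPING_ATTR, escaped)

def groups_for(user, groups):
    """Names (cn) of groups whose MAPPING_ATTR holds the user's USER_ATTR value."""
    wanted = normalize_dn(user[USER_ATTR])
    if wanted is None:          # a malformed DN can never equal a member value
        return []
    matched = []
    for g in groups:
        classes = [c.lower() for c in g.get("objectClass", [])]
        members = [normalize_dn(m) for m in g.get(MAPPING_ATTR, [])]
        if GROUP_OBJECT_CLASS in classes and wanted in members:
            matched.append(g["cn"][0])
    return matched

# Entries typed from the post as written (note the first RDN of the user's dn).
USER_AS_POSTED = {"dn": "uid-timmy.test,ou=People,dc=pibenchmark,dc=com"}
# Constructed variant: the DN exactly as it appears in the group's uniqueMember.
USER_AS_IN_GROUP = {"dn": "uid=timmy.test,ou=People,dc=pibenchmark,dc=com"}
GROUP = {"cn": ["rancher-test"], "objectClass": ["groupOfUniqueNames"],
         "uniqueMember": ["uid=timmy.test,ou=People,dc=pibenchmark,dc=com"]}

if __name__ == "__main__":
    for label, user in (("as posted", USER_AS_POSTED), ("as in group", USER_AS_IN_GROUP)):
        print(label, groups_for(user, [GROUP]), membership_filter(user["dn"]))
```

The string returned by `membership_filter` can be run against the directory with any LDAP search tool, using the Search Base from the post, to see whether the server itself returns the group for that member value.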