nippunsan
04-11-2010, 08:55 PM
I've been using the basic LDAP feature for a while for user authentication and finally decided to use LDAP groups to automagically assign groups to new users, so that I don't have to keep manually adding them to a local group.
I am facing problems getting this functionality to work.
Searchbase for users is dc=users,dc=company
Searchbase for groups is dc=Groups,dc=company
I can add the LDAP group fine. But the users don't show up in the group on login. What am I doing wrong? What do I need to change?
My LDAP settings are something like this:
<service id="10" href="https://wiki/@api/deki/site/services/10">
<config>
<value key="groupmembershipquery">(&(uniqueMember=$1)(objectClass=groupOfUniqueNames))</value>
<value key="userquery">(&(uid=$1)(objectClass=person))</value>
<value key="groupquery"> (&(objectClass=groupOfUniqueNames)(cn=$1))</value>
<value key="displayname-pattern">{gecos}</value>
<value key="hostname">unixhost</value>
<value key="searchbase">dc=company</value>
<value key="bindingdn">uid=$1,dc=users,dc=company</value>
<value key="groupnameattribute">cn</value>
</config>
<date.modified>2008-07-23T11:25:35Z</date.modified>
<description>LDAP</description>
<init>native</init>
<lasterror></lasterror>
<local deprecated="true">true</local>
<preferences></preferences>
<sid>http://services.mindtouch.com/deki/stable/2007/05/ldap-authentication</sid>
<status>enabled</status>
<type>auth</type>
<uri>https://wiki/@api/deki/services/default/10</uri>
</service>
My ldapsearch query for groups comes out like this:
ldapsearch -h unixhost -D "uid=nippun,dc=users,dc=company" -b "dc=company" -W -x "(&(objectClass=groupOfUniqueNames)(cn=WIKIGRP))"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=company> with scope subtree
# filter: (&(objectClass=groupOfUniqueNames)(cn=WIKIGRP))
# requesting: ALL
#
# WIKIGRP, Application Groups.Groups.company
dn: cn=WIKIGRP,dc=Application Groups,dc=Groups,dc=company
uniqueMember: UID=nippun,dc=Users,dc=company
uniqueMember: UID=user1,dc=Users,dc=company
uniqueMember: UID=user2,dc=Users,dc=company
owner: cn=Wiki-Admins,dc=Application Owners Groups,dc=Groups,dc=company
description: Wiki
objectClass: top
objectClass: groupOfUniqueNames
objectClass: GROUPOFURLS
cn: WIKIGRP
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Appreciate any help on this.
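An added debugging example, not part of the original post and not MindTouch code: it evaluates the posted `groupmembershipquery` against the group entry returned by `ldapsearch`, once with `$1` replaced by the bare login name and once with the DN built from `bindingdn`. The post does not say which value the service substitutes for `$1`, so both are tested as assumptions; the helper names and the simplified case-insensitive DN comparison are also assumptions of this sketch.

```python
import re

# Constructed sample: the group entry from the ldapsearch output in the post.
LDIF = """\
dn: cn=WIKIGRP,dc=Application Groups,dc=Groups,dc=company
uniqueMember: UID=nippun,dc=Users,dc=company
uniqueMember: UID=user1,dc=Users,dc=company
uniqueMember: UID=user2,dc=Users,dc=company
objectClass: top
objectClass: groupOfUniqueNames
objectClass: GROUPOFURLS
cn: WIKIGRP
"""

# Templates copied from the service config in the post.
GROUP_MEMBERSHIP_QUERY = "(&(uniqueMember=$1)(objectClass=groupOfUniqueNames))"
BINDING_DN = "uid=$1,dc=users,dc=company"

def parse_entry(ldif):
    """Collect attribute values of one LDIF entry, keyed by lowercased name."""
    entry = {}
    for line in ldif.splitlines():
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def norm(value):
    # Simplified matching (assumption): ignore case and spaces around ',' and '='.
    return re.sub(r"\s*([,=])\s*", r"\1", value.strip().lower())

def escape_filter_value(value):
    # RFC 4515 escaping so a substituted value cannot change the filter structure.
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def matches(template, substitution, entry):
    """Evaluate an AND-of-equalities filter (the only shape used in the post)."""
    flt = template.replace("$1", escape_filter_value(substitution))
    terms = re.findall(r"\(([^()=&|!]+)=([^()]*)\)", flt)
    return all(norm(v) in map(norm, entry.get(a.lower(), [])) for a, v in terms)

def diagnose(login):
    """Report which candidate substitution for $1 makes the group match."""
    entry = parse_entry(LDIF)
    user_dn = BINDING_DN.replace("$1", login)
    return {"login_name": matches(GROUP_MEMBERSHIP_QUERY, login, entry),
            "full_dn": matches(GROUP_MEMBERSHIP_QUERY, user_dn, entry)}

if __name__ == "__main__":
    print(diagnose("nippun"))
```

Against this entry the filter matches only when `$1` is the full user DN, because `uniqueMember` stores DNs rather than login names.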