[Lam-public] Ldap filter and overlay memberof
From: PASCAL C. <pas...@ed...> - 2014-04-17 10:41:03
Hello,

I want to give users (technicians) access only to the list of machines in the Samba domain. For this, I created a profile that displays the machines:

General settings/Server settings
    Tree suffix = empty
    Access level = Read-only

General settings/Tool settings
    Hidden tools = all the hidden tools

General settings/Security settings
    Login method = LDAP search
    LDAP suffix : dc=mycompany.fr,dc=local
    LDAP filter : (&(objectclass=inetOrgPerson)(memberof=cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local))

Account types : Hosts (LDAP suffix+List attributes)

ACL in slapd.conf:

    access to * by group.base="cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local" read

The LDAP filter works if the "groupOfNames" LamHosts contains only one "member" attribute (e.g. member: uid=toto,ou=users,dc=mycompany,dc=local). In this case, the login works and the user "toto" can clearly see the list of machines.

On the other hand, if I add a new "member" attribute (e.g. member: uid=titi,ou=users,dc=mycompany,dc=local) to the "groupOfNames" LamHosts, the user titi (or any other user of the LDAP directory) cannot connect to the LAM application and the following error message appears:

    "The Message Given user name matches multiple LDAP entries."

Ldapsearch command with the filter on the server console:

    ldapsearch -x -D "uid=ldapadmin,ou=sysusers,dc=local" -W -b "dc=mycompany.fr,dc=local" -xLLL "(&(objectclass=inetOrgPerson)(memberof=cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local))" uid

Result:

    dn: uid=titi,ou=users,dc=mycompany.fr,dc=local
    uid: titi

    dn: uid=toto,ou=users,dc=mycompany.fr,dc=local
    uid: toto

I am continuing my research, but I would welcome any idea, lead, advice or solution if you know of one.

Thanks.

Pascal (Lam Pro 4.5)
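
An added illustration (not part of the original post, and not LAM's own code) of why the filter above returns two entries once LamHosts has two members: it contains no term tied to the name typed at login. It assumes the login filter accepts a `%USER%` placeholder for that name; the in-memory directory and the small filter evaluator are constructed for the example.

```python
import re

# Constructed sample entries mirroring the post: both users are members of LamHosts.
GROUP = "cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local"
DIRECTORY = [
    {"dn": "uid=toto,ou=users,dc=mycompany.fr,dc=local",
     "objectclass": ["inetOrgPerson"], "uid": ["toto"], "memberof": [GROUP]},
    {"dn": "uid=titi,ou=users,dc=mycompany.fr,dc=local",
     "objectclass": ["inetOrgPerson"], "uid": ["titi"], "memberof": [GROUP]},
]

# Filter exactly as configured in the post: group membership only.
PAGE_FILTER = "(&(objectclass=inetOrgPerson)(memberof=" + GROUP + "))"
# Assumption: %USER% is replaced by the name typed at login.
USER_FILTER = "(&(uid=%USER%)(objectclass=inetOrgPerson)(memberof=" + GROUP + "))"

def escape_value(value):
    """Escape RFC 4515 special characters so a typed name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_value(value):
    """Turn \\XX hex escapes back into the literal characters for comparison."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(filter_text):
    """Evaluate a flat AND-of-equality filter, the only shape used in the post."""
    terms = re.findall(r"\(([^()&=]+)=([^()]*)\)", filter_text)
    hits = []
    for entry in DIRECTORY:
        if all(unescape_value(v).lower() in [x.lower() for x in entry.get(a.lower(), [])]
               for a, v in terms):
            hits.append(entry["dn"])
    return hits

def login_lookup(template, username):
    """Return the single matching DN, or raise as a login front end would."""
    hits = search(template.replace("%USER%", escape_value(username)))
    if len(hits) != 1:
        raise LookupError("user name matches %d LDAP entries" % len(hits))
    return hits[0]
```

With the group-only filter every member of LamHosts matches regardless of who is logging in, so the lookup is ambiguous as soon as a second member exists; with the `uid` term it resolves to exactly one DN while still requiring group membership.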