Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.11.1 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

LDAP connection mapping not OK in OCS 2.5

We have been using LDAP for authentication in OCS v2.3.1

After upgrade (2.3.1 => 2.4 => 2.4.1 => 2.5) to OCS v2.5 it's not working like it should

We have to different rights mappings

CONEX_LDAP_CHECK_FIELD1_NAME => memberOf

CONEX_LDAP_CHECK_FIELD1_VALUE =>CN=Super,OU=GlobalGroups,OU=NL,OU=Groups,DC=myDC,DC=org

CONEX_LDAP_CHECK_FIELD2_ROLE => Super administrators

CONEX_LDAP_CHECK_FIELD2_NAME => memberOf

CONEX_LDAP_CHECK_FIELD2_VALUE =>CN=Admins,OU=GlobalGroups,OU=NL,OU=Groups,DC=myDC,DC=org

CONEX_LDAP_CHECK_FIELD2_ROLE => Administrators

When logging in with an Super Account this works fine (FIELD1)

When logging in with Admins account (FIELD2) I get the error: You are not allowed to connect

The account is logged in, just not mapped to Administrators

I'm shore the authentication is OK. When using the wrong password we get a different error

As a workaround I tried setting:

CONEX_LDAP_CHECK_FIELD2_NAME => department

CONEX_LDAP_CHECK_FIELD2_VALUE =>NL Automation

CONEX_LDAP_CHECK_FIELD2_ROLE => Administrators

After this change I'm unable to login as a Super administrator.

The login method/settings for FIELD1 were not changed, but accounts aren't mapped to Super administrators anymore.

It now shows the error "You are not allowed to connect"

But when logging in with an Admins account (FIELD2) I'm able to login with Administrators rights.

This seems like a bug somewhere in the user rights mapping section.

in OCS Inventory NG server for Unix by (450 points)

2 Answers

0 votes
Hi,

Please read this => https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/561. Your are concern also by the problem.

Regards

Frank
by (88.5k points)
0 votes
Hi Frank,

Thanx for the link to github.
It's not clear to me what will be the next action.
Is this under investigation? Do you need some kind of input from our side?
ETA for a solution?

Please let us know if we can help somehow (Although I'm not a programmer, maybe some testing???)

Regard,

Corné
by (450 points)
 
Powered by Question2Answer
...