Alias Groups

Issue #1056 closed
Yousif Redeemer created an issue

Hello,

First I want to thank you for this great archive solution.

I have a problem with alias groups.

I use FreeIPA for my users and I have groups which contain multiple users.

The issue is that in Piler the emails coming for the group are not visible.

I’ve seen other issues about this problem and I understood that the LDAP configuration will solve it, but in my case it did not work.

This is my LDAP configuration.

```php
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_HOST'] = '192.168.1.20';
$config['LDAP_PORT'] = 389;
$config['LDAP_HELPER_DN'] = 'uid=user,cn=users,cn=accounts,dc=example,dc=com';
$config['LDAP_HELPER_PASSWORD'] = 'Password';
#$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_AUDITOR_MEMBER_DN'] = '';
$config['LDAP_ADMIN_MEMBER_DN'] = '';
$config['LDAP_BASE_DN'] = 'cn=accounts,dc=example,dc=com';

// AD specific settings
//
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'posixgroup';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'memberOf';
$config['LDAP_MAIL_ATTR'] = 'mail';
```

And this is the log when I log in with my user:

```
Mar 10 08:04:16 piler piler-webui[32682]: ldap query: base dn='cn=accounts,dc=example,dc=com', filter='(&(objectClass=person)(mail=user1@example.com))', attr='', 1 hits
Mar 10 08:04:16 piler piler-webui[32682]: ldap auth against '192.168.1.20', dn: 'uid=user,cn=users,cn=accounts,dc=example,dc=com', result: 1
Mar 10 08:04:16 piler piler-webui[32682]: ldap query: base dn='cn=accounts,dc=example,dc=com', filter='(|(&(objectClass=person)(mail=user1@example.com))(&(objectClass=posixgroup)(memberOf=user1@example.com))(&(objectClass=posixgroup)(memberOf=uid=user1,cn=users,cn=accounts,dc=example,dc=com)))', attr='', 1 hits
Mar 10 08:04:16 piler piler-webui[32682]: username=user1@example.com, event='logged in', ipaddr=192.168.1.100
```

Comments (10)

  1. Yousif Redeemer reporter

    it contains users which are user1, user2, user3, user4 and user5

    and the group name which user1 is part of is cn=it,cn=groups=cn=accounts,dc=example,dc=com

  2. Janos SUTO repo owner

    I asked you to show me the ldap attributes (think of an ldif file) of such group. If it’s not ok to share, then case is closed. If it contains sensitive info, then send me in a private message.

  3. Yousif Redeemer reporter

    dn: cn=it,cn=groups,cn=accounts,dc=example,dc=com
    modifyTimestamp: 20200315164419Z
    ipaUniqueID: 6ac9435e-8f46-11e9-b3e4-001a4a260304
    createTimestamp: 20190615082021Z
    creatorsName: uid=admin,cn=users,cn=accounts,dc=example,dc=com
    cn: it
    gidNumber: 1663802440
    member: uid=user1,cn=users,cn=accounts,dc=example,dc=com
    member: uid=user2,cn=users,cn=accounts,dc=example,dc=com
    member: uid=user3,cn=users,cn=accounts,dc=example,dc=com
    member: uid=user4,cn=users,cn=accounts,dc=example,dc=com
    member: uid=user5,cn=users,cn=accounts,dc=example,dc=com
    objectClass: ipaobject
    objectClass: top
    objectClass: customAttributesDept
    objectClass: customAttributes
    objectClass: ipausergroup
    objectClass: posixgroup
    objectClass: groupofnames
    objectClass: nestedgroup
    description: IT
    nsUniqueId: 5e0e7fcd-8f4611e9-b329fbb5-6cd31f59

  4. Janos SUTO repo owner

    Thank you. I can see the members' dn values, however, I can’t see the actual group address. Where is it?

  5. Yousif Redeemer reporter

    Thanks for your quick reply.

    It’s dn: cn=it,cn=groups,cn=accounts,dc=example,dc=com

  6. Janos SUTO repo owner

    It’s not an email address, that’s why the ldap result parser can’t find the group address. So where’s the email address?

  7. Yousif Redeemer reporter

    Unfortunately, I don’t have an attribute for the email in the groups. I will try to find a workaround.

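Added example (not part of the thread and not piler's code): a small evaluator for the filter shape seen in the posted log, run against entries constructed from the posted LDIF, to show why the query returns 1 hit and why the group yields no address. The function names, the `person` entry for user1, and the assumption that addresses are read from the `mail` attribute of each hit are illustrative.

```python
# Added example, not piler's code. Entries are constructed from the thread.
USER_DN = "uid=user1,cn=users,cn=accounts,dc=example,dc=com"
ENTRIES = [
    {"objectclass": ["person"], "mail": ["user1@example.com"]},
    {"objectclass": ["ipausergroup", "posixgroup", "groupofnames"],
     "member": [USER_DN]},  # group "it": member DNs, no mail attribute
]

def parse(f, i=0):
    """Parse a subset of RFC 4515 filters (&, |, equality) into tuples."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")  # the value may contain "="
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive)."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    combine = all if node[0] == "&" else any
    return combine(matches(kid, entry) for kid in node[1])

def build_filter(mail, dn, list_attr, acct="person", dl="posixgroup"):
    # Same shape as the second "ldap query" line in the posted log.
    return (f"(|(&(objectClass={acct})(mail={mail}))"
            f"(&(objectClass={dl})({list_attr}={mail}))"
            f"(&(objectClass={dl})({list_attr}={dn})))")

def lookup(list_attr, entries=ENTRIES, mail_attr="mail"):
    """Return (hit count, addresses found on the hits)."""
    tree, _ = parse(build_filter("user1@example.com", USER_DN, list_attr))
    hits = [e for e in entries if matches(tree, e)]
    # Assumption: addresses come from the mail attribute of each hit.
    return len(hits), sorted(a for e in hits for a in e.get(mail_attr, []))

if __name__ == "__main__":
    print(lookup("memberOf"))  # filter as configured in the issue
    print(lookup("member"))    # attribute the posted group entry carries
```

With `memberOf` only the user entry matches, which agrees with the 1 hit in the log; with `member` the group also matches but contributes no address because it has no mail value.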