Nested groups not working in LDAP query
I'm working on configuring LDAP authentication. Right now my user is able to log in, but isn't getting its auditor/admin rights. I'm a member of a group called "Information Security", which in turn is a member of "mail archive auditors". Looking at the LDAP query being used to determine my group membership:
Feb 2 14:33:44 mahouts piler-webui[57287]: ldap query: base dn='DC=mydomain,DC=COM', filter='(|(&(objectClass=user)(mail=first.last@mydomain.com))(&(objectClass=group)(member=first.last@mydomain.com))(&(objectClass=group)(member=CN=First Last,OU=Users,DC=mydomain,DC=com)))', attr='', 11 hits
I found this link on the subject. I use this for my LDAP queries and it allows nested queries: http://stackoverflow.com/questions/6143665/single-line-ldap-query-that-enumerates-users-from-a-group-within-a-supergroup
For now my users will be part of the main groups.
Scott
Comments (4)
-
repo owner Thanks for the hint. Can you tell me what part of the code you changed? Perhaps post the diff.
-
reporter I didn't change anything. I just configured my groups so that we're direct members of the group. I, sadly, don't have much time to play around with it.
-
repo owner Ah, I see. I'll check the Stack Overflow stuff.
-
repo owner - changed status to resolved
A custom authentication hook is available in the master branch. If the default LDAP query is not good enough, you have an option to write a custom query.
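Added example, not piler code and not written by anyone in this thread: the direct-membership filter from the log next to a nested-membership variant, plus a client-side resolver for servers without that matching rule. It assumes the directory is Active Directory (which supports the `1.2.840.113556.1.4.1941` in-chain matching rule); the group DNs and the sample directory are constructed.

```python
# Added example, not piler code. DNs and the directory below are constructed.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def direct_group_filter(user_dn):
    """Like the group clause in the log: direct membership only."""
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)


def nested_group_filter(user_dn):
    """Assumes Active Directory: the server follows the member chain."""
    return "(&(objectClass=group)(member:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(user_dn))


def resolve_nested(user_dn, members_of):
    """Client-side fallback: every group holding user_dn directly or via groups.

    members_of maps a group DN to the DNs of its direct members. DNs are
    compared lowercased (a simplification of real DN matching); groups already
    found are skipped, so groups that contain each other cannot loop forever.
    """
    found, queue = set(), [user_dn.lower()]
    while queue:
        dn = queue.pop()
        for group, members in members_of.items():
            if group not in found and dn in {m.lower() for m in members}:
                found.add(group)
                queue.append(group.lower())
    return found


# Constructed directory mirroring the two groups named in the report.
USER = "CN=First Last,OU=Users,DC=mydomain,DC=com"
INFOSEC = "CN=Information Security,OU=Groups,DC=mydomain,DC=com"
AUDITORS = "CN=mail archive auditors,OU=Groups,DC=mydomain,DC=com"
DIRECTORY = {INFOSEC: {USER}, AUDITORS: {INFOSEC}}

if __name__ == "__main__":
    print(direct_group_filter(USER))
    print(nested_group_filter(USER))
    print(sorted(resolve_nested(USER, DIRECTORY)))
```
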