ldap groups

This forum was archived to /woltlab and is now in read-only mode.
  • Hi all,


    im trying to get icingaweb2 to get to know my ldap groups under "Configuration -> Authentication -> User Groups".


    Currently the authentication against ldap is working like it should. I guess i have to adjust the ldap filter but i dont know what result icingaweb2 expects.


    Unfortunately in https://github.com/Icinga/icin…/doc/05-Authentication.md can't be found very much about the groups.

    I have to admit that i'm not very firm with ldap.


    The current authentication.ini looks as following :


    Code
    1. root@master:~# cat /etc/icingaweb2/authentication.ini
    2. [icingaweb2]
    3. user_class = "user"
    4. filter = "(&(objectCategory=person)(objectclass=user)(| (memberOf:1.2.840.113556.1.4.1941:=cn=G_System-Administration,ou=Domain Groups,dc=inside,dc=domain,dc=de)(memberOf:1.2.840.113556.1.4.1941:=cn=G_GROUP,ou=Domain Groups,dc=inside,dc=domain,dc=de)) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    5. user_name_attribute = "sAMAccountName"
    6. backend = "ldap"
    7. base_dn = "DC=inside,DC=domain,DC=de"
    8. resource = "icingaweb_ldap"


    I dont expect you to give me the correct ldap-filter. But maybe you can help me figuring out, what icingaweb2 expects, so i can figure the filter out by myself on the DC.


    Thank you in advance1

  • Okay, i got it to work but it took some trial and error.


    Would be a lot easier if the documentation to the group.ini were better.


    Code
    1. [ADDomainGroups]
    2. resource = "icingaweb_ldap"
    3. user_backend = "icingaweb2"
    4. group_class = "group"
    5. group_filter = "|(CN=G_PSP_DEVOPS)(CN=G_Abt_IT_Team_ADMIN)"
    6. group_name_attribute = "name"
    7. group_member_attribute = "member"
    8. base_dn = ""
    9. backend = "ldap"