Hello,

I want to give users (technicians) access only to list the machines of the
Samba domain.

For this, I created a profile that displays the machines :

General settings/Server settings 
Tree suffix = empty
Access level = Read-only

General settings/Tool settings
Hidden tools = all the hidden tools

General settings/Security settings
Login method = LDAP search
LDAP suffix : dc=mycompany.fr,dc=local
LDAP filter :
(&(objectclass=inetOrgPerson)(memberof=cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local))

Account types :
Hosts (LDAP suffix+List attributes)

ACL in slapd.conf:
access to * by
group.base="cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local" read


The LDAP filter works if the "groupOfNames" LamHosts contains only one
"member" attribute (e.g. member: uid=toto,ou=users,dc=mycompany,dc=local)
In this case, the login works and the user "toto" can clearly see the list
of machines.

On the other hand, if I add a new "member" attribute (e.g. member:
uid=titi,ou=users,dc=mycompany,dc=local) to the "groupOfNames" LamHosts,
the user titi (or any other user of the LDAP directory) cannot connect to the
LAM application and the following error message appears: "The Message
Given user name matches multiple LDAP entries."

Ldapsearch command with filter on the server console :
ldapsearch -x -D "uid=ldapadmin,ou=sysusers,dc=local" -W -b
"dc=mycompany.fr,dc=local" -xLLL
"(&(objectclass=inetOrgPerson)(memberof=cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local))"
uid 
Result :
dn: uid=titi,ou=users,dc=mycompany.fr,dc=local
uid: titi
dn: uid=toto,ou=users,dc=mycompany.fr,dc=local
uid: toto

I am continuing my research, but I will gladly take any idea, lead, advice or
solution if you know of one.

Thanks.
Pascal
(Lam Pro 4.5)
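
An added example (not part of the original post and not LAM's own code): a minimal Python model of a search-based login over constructed entries, showing why the posted filter returns every LamHosts member whatever name is typed. The `uid=%USER%` term assumes LAM's `%USER%` placeholder for the entered login name; `tata`, `person`, `search` and `resolve_login` are hypothetical names.

```python
import re

GROUP = "cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local"
BASE = "ou=users,dc=mycompany.fr,dc=local"

def person(uid, in_group):
    # Constructed entry; memberof is set only for members of LamHosts.
    return {"dn": f"uid={uid},{BASE}", "objectclass": ["inetOrgPerson"],
            "uid": [uid], "memberof": [GROUP] if in_group else []}

# Constructed directory: toto and titi as in the post, tata (hypothetical)
# is a user outside the group.
DIRECTORY = [person("toto", True), person("titi", True), person("tata", False)]

# Filter exactly as configured in the post: no term depends on the login name.
POST_FILTER = f"(&(objectclass=inetOrgPerson)(memberof={GROUP}))"
# Assumed variant: same group restriction plus a term bound to the login name.
USER_FILTER = f"(&(objectclass=inetOrgPerson)(uid=%USER%)(memberof={GROUP}))"

def search(ldap_filter):
    """Return DNs matching a flat AND filter of (attr=value) equality terms."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    return [e["dn"] for e in DIRECTORY
            if all(any(v.lower() == want.lower() for v in e.get(attr.lower(), []))
                   for attr, want in terms)]

def resolve_login(template, username):
    """Model of a search-based login: the filter must identify exactly one DN.

    A real client must also escape the name (RFC 4515) before substitution.
    """
    matches = search(template.replace("%USER%", username))
    if len(matches) > 1:
        # Message text as quoted in the post.
        raise LookupError("Given user name matches multiple LDAP entries.")
    if not matches:
        raise LookupError("User not found.")  # constructed message
    return matches[0]
```

With `POST_FILTER` the search result is the same two DNs for every login name, which is the condition the error message reports; with `USER_FILTER` group membership is still required but only the entry of the person logging in can match.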
