Hi again Tobias, Yes, users and groups didnt show up under manager and i only assumed that it won't show if sec.directory authentication is selected (both 'read user info' and 'read user and group' info).
I don't have access to a proper Active directory server to limit the no. of users and groups. However i setup an openLDAP server and created users and groups (~150 users and 4 groups). Users and Groups under manager shows nothing, i tried reducing the list to 50 and still didnt help... I can confirm however, that the authentication works; i.e. i can login with credentials from openLdap server when its set as secondary server (well... after manually editing the related pam_ldap file because there is (was? didn't have chance to check-out new version for this) a bug when you type a comma delimited (no spaces) principal under secondary server. In A.directory examples, i noticed You are using [email protected]. However with openLdap, the principal is something like 'dc=company,dc=com,ou=Manager' I boot-up a client, ssh and check the pam_ldap conf file and the principal shows truncated; i.e. 'dc=company' only then i edit this file manually, and change to 'dc=company,dc=com,ou=manager' and thinclient authenticates with the openldap following the change. Is it possible to capture a screen-shot of the manager UI when you configure secondary server with 'read user and group data'? I can't access to any A.directory server and curious what the current status is. Thanks in advance. cheers! Tobias Abt wrote: > > Hi! > > akeilo cm schrieb: >> Hi Tobias, >> >> The article in the URL only shows how to setup the Secondary Server to >> Active directory authentication. >> >> It does not mention anyhint about how the applications, or application >> groups (or thinclients if applicable) will be assigned to the Secondary >> Directory authenticated user/group. >> >> What i am trying to understand is simply this: >> >> OTC setup to read user and group info from secondary dir. server, which >> authentication works and user logsin to the desktop. >> >> However, there is no application or app. group setup, or assigned to the >> authenticated user/group (because you mentioned we DONT need to create >> the >> groups or users in the OTC manually to correspond >> Therefore there is no application on the desktop of the logged in user. > > Yes, true. Maybe I did not make myself clear enough. Sorry about that. > > You don't have to recreate users and groups, but you still have to > assign an application (or application group) to at least one of: > user, user group or thin client. > >> The article says nothing about on how to go about managing the secondary >> directory server authenticated users application (or app. group) >> assignment. > > Sorry, I thought that would be clear. > > First, you setup OTC to use the second server for user and group > information. Well, you have done that. > > Then you would have to edit your application (or app group) to > link it to some user or user group. > > Note: I am currently not sure whether the currently available OTC > release already has a fix for this situation: > - if the list on the secondary server is bigger that that server > will report in a single query, it will tell the listener (our > software) to make an additional fetch until all is obtained. > - that incremental query is a rather new feature in OTC and I > will have to ask Martin if he released it yet. > >> The only way i can figure is to assign the applications to the >> thinclient, >> which then the secondary dir. authenticated user will read application >> indo >> from the thinclient's assignments - which is obviously a bad exercise. > > Doesn't the user and user group lists show your users/groups? If those > lists are empty then you probably suffer from above bug/unimplemented > feature... > How many users and groups does your LDAP / Active Directory have? > What kind of server is that? > >> I got the tone from ongoing discussions that assigning applications/app. >> groups to secondary dir. authenticated users are trivial. Article says >> nothing about it and I am feeling lost on how to go about assigning >> application-groups or applications to these externally authenticated >> users. >> >> would appreciate if you can clarify. > > I hope that you see a bit clearer now. > >> cheers! > > You're welcome! > > -- > Bye, > Tobias Abt > > levigo systems gmbh ----------- ein unternehmen der levigo gruppe > Max-Eyth-Strasse 30 Telefon: 07031 / 4161-10 > D-71088 Holzgerlingen Telefax: 07031 / 4161-11 > Geschäftsführer: Oliver Bausch http://systems.levigo.de/ > Registergericht: Stuttgart HRB 245 180 USt-ID: DE813226078 > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > The Open Source Thin Client Solution http://openthinclient.org > [email protected] > https://lists.sourceforge.net/lists/listinfo/openthinclient-user > > -- View this message in context: http://www.nabble.com/How-to-assign-the-AD-user-the-application-group%28s%29-tp20428570p21525311.html Sent from the openthinclient.org users' mailing list mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ The Open Source Thin Client Solution http://openthinclient.org [email protected] https://lists.sourceforge.net/lists/listinfo/openthinclient-user
