• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Access Control Plugin - LDAP Users

Scheduled Pinned Locked Moved
General
5
12
1.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    Greg Plamondon Testers
    last edited by Feb 28, 2018, 6:30 PM

    Is there any way to use the access control plugin with LDAP authentication?

    1 Reply Last reply Reply Quote 0
    • F
      Fernando Gietz Developer
      last edited by Fernando Gietz Mar 1, 2018, 5:56 AM Mar 1, 2018, 11:54 AM

      Yes. But actually is not officially supported.

      When you use the LDAP plugin, this one creates temporal users; in this way, when an user logs on, the plugin will authenticate it vs your LDAP server or AD and insert the username in the DB with uType 900/901. When the user logs off then the user is erased from the DB. Working in this way you can not associate a rule of AccessControl to one or more user because the users are temporals.

      I spoke with @Tom-Elliott about this problem and how solve. I have solved it with a temporal solution (in Spanish ñapa, chapuza, parche o solucion provisional con visos de definitiva) to this little problem. I have developed a little plugin that converts the temporal users in “eternal” users. This plugin is not official and we need to update the AccessControl to do this work and not create a new one.

      If you want this unofficial plugin, I can send you by email.

      G 2 Replies Last reply Mar 1, 2018, 2:39 PM Reply Quote 0
      • G
        Greg Plamondon Testers @Fernando Gietz
        last edited by Greg Plamondon Mar 1, 2018, 8:39 AM Mar 1, 2018, 2:39 PM

        @fernando-gietz

        I would love to try your unofficial plugin.
        I will send you a message with my Email Address.

        Thanks

        1 Reply Last reply Reply Quote 0
        • G
          Greg Plamondon Testers @Fernando Gietz
          last edited by Mar 1, 2018, 4:06 PM

          @fernando-gietz

          Thanks Fernando works like a charm!

          1 Reply Last reply Reply Quote 0
          • Y
            ylber
            last edited by Feb 7, 2019, 10:41 AM

            Hi Greg,

            In our company, we would like to manage access controls for LDAP users.

            Can you send me the plugin you’ve created so I can test it please ?

            Thank you a lot for your help and have a nice one.

            Ylber

            1 Reply Last reply Reply Quote 0
            • F
              Fernando Gietz Developer
              last edited by Fernando Gietz Feb 7, 2019, 7:19 AM Feb 7, 2019, 1:14 PM

              @ylber This plugin actually is not necessary, I made some changes in the LDAP plugin to solve the problem with LDAP users.

              You can find the new version of LDAP Plugin (Version: 1.1) in the working branch of git.
              The new version adds the possibility to filter by users, you can config the filter in FOG Configuration -> Plugin:LDAP. To see the LDAP users USER FILTER = 991

              Y 1 Reply Last reply Feb 11, 2019, 7:22 AM Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Feb 7, 2019, 3:34 PM

                @ylber Are you using the plugins LDAP and access control yet? If not, then you need to start looking into those first.

                If you got those working then you might want to take a look at this commits on github: c64b5c36 and 3f6c053a

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 0
                • Y
                  ylber @Fernando Gietz
                  last edited by Feb 11, 2019, 7:22 AM

                  @Fernando-Gietz
                  Thank you for your quick reply. I don’t completely understand it.
                  In one hand, we have the control access plugin that it’s no longer supported but that had the capability to define roles for standard users (read access or can deploy image, etc…).
                  But this plugin is not compatible with LDAP user from LDAP plugin.
                  Our goal is to be capable of defining roles for LDAP users.
                  Our FOG server is in production so I can not start modifying files when I want.
                  Is there a simple solution to this problem ? Like another plugin ? or if I correctly understood, the new version of LDAP plugin is capable of that ? if yes, how I can update a plugin without the use of GIT ?

                  Thank you a lot for your help. We use FOG in our company that counts more than 3000 users and we are very happy with it.

                  1 Reply Last reply Reply Quote 0
                  • F
                    Fernando Gietz Developer
                    last edited by Feb 11, 2019, 6:03 PM

                    Hi @ylber the new version of Access Control Plugin supports LDAP users.

                    The plugin that Greg says was the solution to use LDAP users with AccessControl plugin, but this was before the Access Control version 1.5.5. This new version can filter the user by his type (990 or 991), you can setup it in FOG Configuration -> PLUGIN: LDAP

                    Y S 2 Replies Last reply Feb 12, 2019, 7:38 AM Reply Quote 0
                    • Y
                      ylber @Fernando Gietz
                      last edited by Feb 12, 2019, 7:38 AM

                      @Fernando-Gietz
                      Hi, Ok now I understand. In FOG Configuration, I don’t have PLUGIN:LDAP so I guess I don’t have the new version of this plugin.
                      Is there a way to update the plugin ?
                      Thank’s a lot for your help.

                      1 Reply Last reply Reply Quote 0
                      • F
                        Fernando Gietz Developer
                        last edited by Fernando Gietz Feb 12, 2019, 3:14 AM Feb 12, 2019, 9:13 AM

                        @ylber you can get the code from from working_dev branch in git repository.

                        1 Reply Last reply Reply Quote 0
                        • S
                          symrex @Fernando Gietz
                          last edited by symrex Jul 15, 2020, 5:28 AM Jul 15, 2020, 11:27 AM

                          This post is deleted!
                          1 Reply Last reply Reply Quote 0
                          • 1 / 1
                          • First post
                            Last post

                          180

                          Online

                          12.0k

                          Users

                          17.3k

                          Topics

                          155.2k

                          Posts
                          Copyright © 2012-2024 FOG Project