Access Control Plugin - LDAP Users

Greg Plamondon · Feb 28, 2018, 6:30 PM

Is there any way to use the access control plugin with LDAP authentication?

Fernando Gietz · Mar 1, 2018, 5:56 AM

Yes. But actually is not officially supported.

When you use the LDAP plugin, this one creates temporal users; in this way, when an user logs on, the plugin will authenticate it vs your LDAP server or AD and insert the username in the DB with uType 900/901. When the user logs off then the user is erased from the DB. Working in this way you can not associate a rule of AccessControl to one or more user because the users are temporals.

I spoke with @Tom-Elliott about this problem and how solve. I have solved it with a temporal solution (in Spanish ñapa, chapuza, parche o solucion provisional con visos de definitiva) to this little problem. I have developed a little plugin that converts the temporal users in “eternal” users. This plugin is not official and we need to update the AccessControl to do this work and not create a new one.

If you want this unofficial plugin, I can send you by email.

Greg Plamondon · Mar 1, 2018, 8:39 AM

@fernando-gietz

I would love to try your unofficial plugin.
I will send you a message with my Email Address.

Thanks

Greg Plamondon · Mar 1, 2018, 4:06 PM

@fernando-gietz

Thanks Fernando works like a charm!

ylber · Feb 7, 2019, 10:41 AM

Hi Greg,

In our company, we would like to manage access controls for LDAP users.

Can you send me the plugin you’ve created so I can test it please ?

Thank you a lot for your help and have a nice one.

Ylber

Fernando Gietz · Feb 7, 2019, 7:19 AM

@ylber This plugin actually is not necessary, I made some changes in the LDAP plugin to solve the problem with LDAP users.

You can find the new version of LDAP Plugin (Version: 1.1) in the working branch of git.
The new version adds the possibility to filter by users, you can config the filter in FOG Configuration -> Plugin:LDAP. To see the LDAP users USER FILTER = 991

Sebastian Roth · Feb 7, 2019, 3:34 PM

@ylber Are you using the plugins LDAP and access control yet? If not, then you need to start looking into those first.

If you got those working then you might want to take a look at this commits on github: c64b5c36 and 3f6c053a

ylber · Feb 11, 2019, 7:22 AM

@Fernando-Gietz
Thank you for your quick reply. I don’t completely understand it.
In one hand, we have the control access plugin that it’s no longer supported but that had the capability to define roles for standard users (read access or can deploy image, etc…).
But this plugin is not compatible with LDAP user from LDAP plugin.
Our goal is to be capable of defining roles for LDAP users.
Our FOG server is in production so I can not start modifying files when I want.
Is there a simple solution to this problem ? Like another plugin ? or if I correctly understood, the new version of LDAP plugin is capable of that ? if yes, how I can update a plugin without the use of GIT ?

Thank you a lot for your help. We use FOG in our company that counts more than 3000 users and we are very happy with it.

Fernando Gietz · Feb 11, 2019, 6:03 PM

Hi @ylber the new version of Access Control Plugin supports LDAP users.

The plugin that Greg says was the solution to use LDAP users with AccessControl plugin, but this was before the Access Control version 1.5.5. This new version can filter the user by his type (990 or 991), you can setup it in FOG Configuration -> PLUGIN: LDAP

ylber · Feb 12, 2019, 7:38 AM

@Fernando-Gietz
Hi, Ok now I understand. In FOG Configuration, I don’t have PLUGIN:LDAP so I guess I don’t have the new version of this plugin.
Is there a way to update the plugin ?
Thank’s a lot for your help.

Fernando Gietz · Feb 12, 2019, 3:14 AM

@ylber you can get the code from from working_dev branch in git repository.

symrex · Jul 15, 2020, 5:28 AM

This post is deleted!

Access Control Plugin - LDAP Users

218

12.0k

17.3k

155.2k