
    LDAP plugin and nesting groups of AD

      Fernando Gietz Developer

      Hi,

      I want to ask the @developers if it is possible to nest a group inside another.

      Actually I have set up the admin group with a group from my AD, and the people who are inside it don’t have problems logging in, but this group has another group nested in it, and the people who are in this last group cannot log in.

      Can the LDAP plugin manage AD groups that are nested?

        george1421 Moderator

        For AD the answer is maybe, but you must use an AD extension to the LDAP search. For OpenLDAP, no, you cannot use nested groups. I’m looking at the code to see what needs to happen to make this work. But in theory it’s possible.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          Fernando Gietz Developer @george1421

          @george1421 said in LDAP plugin and nesting groups of AD:

          For AD the answer is maybe, but you must use an AD extension to the LDAP search. For OpenLDAP, no, you cannot use nested groups. I’m looking at the code to see what needs to happen to make this work. But in theory it’s possible.

          AD extension?

            george1421 Moderator @Fernando Gietz

            @fernando-gietz It’s an extension to the query.

            This is the premise of what needs to be done.

            (&(objectCategory=Person)(sAMAccountName=jondoe)(memberOf:1.2.840.113556.1.4.1941:=cn=TestGroup,ou=Groups,ou=CompanyUsers,dc=test,dc=corp))
            

            This is the code section I’m looking at, at about line #505 of /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php

                    $filter = sprintf(
                        '(&(|(objectcategory=person)(objectclass=person))(%s=%s))',
                        $usrNamAttr,
                        $user
                    );
            
            

            The (%s=%s) is roughly equivalent to (sAMAccountName=jondoe), but only for AD queries. I’m not a programmer, but I think we need to add an if statement where, if $usrNamAttr == sAMAccountName, we then build the AD-specific query. I can see what needs to be done, I just need to work it out in my head.

              Fernando Gietz Developer @george1421

              @george1421 I can take a look in my development environment and see if it works

                george1421 Moderator @Fernando Gietz
                last edited by george1421

                @fernando-gietz While I’m busy at the moment, we will also need to pick up the group search OU and the group name to fill out the query. To use the extended search with the OID, it looks like it needs the full LDAP path to the group to be a member of. But again, I didn’t look at the whole code.

                I was wrong; you want to focus on this function

                private function _getAccessLevel($grpMemAttr, $userDN)
                

                line 581

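The nested-group query george1421 describes in the two posts above, built in PHP with its values escaped, as an added example that is not FOG's code and not part of either post. The function names are hypothetical; it assumes the PHP ldap extension is loaded and that the group sits directly under the group search OU.

```php
<?php
// Added example, not FOG code; function names are hypothetical.

// OID of AD's LDAP_MATCHING_RULE_IN_CHAIN, the extension quoted in the thread:
// the server walks the membership chain, so nested members match too.
const AD_MATCHING_RULE_IN_CHAIN = '1.2.840.113556.1.4.1941';

// Full DN of a group from its name and the group search OU.
// Assumption: the group sits directly under that OU, not in a sub-OU.
function groupDn(string $groupName, string $groupSearchOu): string
{
    return 'cn=' . ldap_escape($groupName, '', LDAP_ESCAPE_DN) . ',' . $groupSearchOu;
}

// Filter matching the user only if they are a direct or nested member
// of at least one of the given group DNs.
function nestedGroupFilter(string $usrNamAttr, string $user, array $groupDns): string
{
    if ($groupDns === []) {
        throw new InvalidArgumentException('at least one group DN is required');
    }
    // Attribute names cannot be escaped, so accept only a plain descriptor.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $usrNamAttr)) {
        throw new InvalidArgumentException('invalid user name attribute');
    }
    $memberOf = '';
    foreach ($groupDns as $dn) {
        // The DN is an assertion value inside the filter: filter-escape it.
        $memberOf .= sprintf(
            '(memberOf:%s:=%s)',
            AD_MATCHING_RULE_IN_CHAIN,
            ldap_escape($dn, '', LDAP_ESCAPE_FILTER)
        );
    }
    return sprintf(
        '(&(objectCategory=person)(%s=%s)(|%s))',
        $usrNamAttr,
        ldap_escape($user, '', LDAP_ESCAPE_FILTER),
        $memberOf
    );
}

// Constructed sample values, taken from the filter quoted in the thread.
$dn = groupDn('TestGroup', 'ou=Groups,ou=CompanyUsers,dc=test,dc=corp');
echo nestedGroupFilter('sAMAccountName', 'jondoe', [$dn]), PHP_EOL;
// Constructed login name with filter metacharacters: it stays one literal value.
echo nestedGroupFilter('sAMAccountName', 'jon*doe)', [$dn]), PHP_EOL;
```

The matching rule is an AD extension, so a filter built this way applies only when the directory is Active Directory.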
                  Fernando Gietz Developer

                  I see in this function that it is possible to set up some different groups separated by colons (I don’t know this) and with this I can solve my problem 🙂

                  $adminGroups = explode(',', $adminGroup);
                  

                  Maybe it would be good to update the info in the wiki XD, I just saw it and it is very, very old

                  @george1421 If you want, we can follow with this or close the ticket

                    george1421 Moderator @Fernando Gietz

                    @fernando-gietz You need to do what is best for your use case. Having hierarchical groups (embedded groups in groups) would be a nice add to the ldap plugin. But so far only you have asked for this feature.

                      Fernando Gietz Developer

                      I follow with my problem 😞
                      I think that the best option is to ask for this new feature 🙂

                      Copyright © 2012-2024 FOG Project