Access Control Plugin working with AD

  • M
    Miodog
    last edited by Apr 16, 2019, 6:39 PM

    Re: Access Control
    I’m currently setting up FoG and I got the LDAP plugin working with two security groups, Admin and Mobile, and I found this thread from earlier this year saying that mobile no longer exists.

    Are there plans to tie the Access Control plugin with the LDAP plugin where I can assign roles to LDAP users of FoG?

    If not, is the only way to use the Access Control plugin to use users created from the FoG GUI user menu?

    • S
      Sebastian Roth Moderator
      last edited by Apr 16, 2019, 7:16 PM

      @Fernando-Gietz Is the one to ask here.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      • M
        Miodog
        last edited by Apr 17, 2019, 12:54 PM

        Thank you Sebastian I’ll get in touch with @Fernando-Gietz.

        • M
          Miodog
          last edited by Apr 17, 2019, 1:25 PM

          @Fernando-Gietz
          I see my usernames that I’m testing with and the ones from the Admin group have a UType of 990 and the username from the Mobile group has 991. There is also the UDisplay field that is Admin for the default FoG account but an empty string for the users I’ve added.

          My plan would be to keep Admin and Technician users separated in AD with the Mobile and Admin LDAP search options and then once verified use the Access Control Plugin to assign rights to the users based on their UType.

          Is this something that could work?

          • F
            Fernando Gietz Developer @Miodog
            last edited by Fernando Gietz Apr 17, 2019, 8:14 AM Apr 17, 2019, 2:13 PM

            @Miodog said in Access Control Plugin working with AD:

            Re: Access Control
            I’m currently setting up FoG and I got the LDAP plugin working with two security groups, Admin and Mobile, and I found this thread from earlier this year saying that mobile no longer exists.

            Are there plans to tie the Access Control plugin with the LDAP plugin where I can assign roles to LDAP users of FoG?

            If not, is the only way to use the Access Control plugin to use users created from the FoG GUI user menu?

            When you install and configure the LDAP plugin, you can set up two user profiles: Admin and mobile. The users of the admin group can see all options of the interface (dashboard, hosts, images, groups, configuration, …) and the mobile users load a small and limited interface. As you read in the post Access Control, the mobile interface is obsolete and will be deprecated in the future.

            We can distinguish two kinds of users in FOG: local users and LDAP users.

            • Local users
              These users are created in the web interface; you can create them on demand and you can have as many users as you need. In the users table of the database these users have uType = 0 or 1 (0 for admins and 1 for mobile).

            • LDAP users
              These users are created in the database automatically when a user logs on successfully. In the database they have uType values equal to 900 and 901 (900 for users of the admin group and 901 for users of the mobile group). By default the users of the admin group can see all options in the web interface.

            With the AccessControl plugin you can limit the access of the users to some menus of the web interface: you can define some rules (access to one menu or submenu), you can define some roles (groups of users) and tie rules to roles. With this you can define different access levels. But you must configure it manually.

            You can assign local users and LDAP users to one role. By default you can only see the local users list; to see all users of the database you must configure the user filter in FOG Configuration -> FOG Settings -> Plugin LDAP -> User Filter.

            • M
              Miodog @Fernando Gietz
              last edited by Apr 17, 2019, 2:27 PM

              @Fernando-Gietz
              Hi Fernando, Thank you for the quick reply. I don’t see the Plugin LDAP User Filter in my configuration page. I’m on version 1.5.5. The only Plugin menu item that I have is Plugin System.


              • F
                Fernando Gietz Developer @Miodog
                last edited by Fernando Gietz Apr 17, 2019, 8:45 AM Apr 17, 2019, 2:44 PM

                @Miodog This is for 1.5.5 version.
                But you can do a workaround:

                1. Go to FOG_DIRECTORY/lib/plugin/ldap/hooks
                2. Make a copy of ldappluginhook.hook.php:

                    # cp ldappluginhook.hook.php ldappluginhook.hook.php.ori

                3. Let's edit one line of the code:

                    # vim ldappluginhook.hook.php

                    /**
                     * Sets our user type to filter from user list
                     *
                     * @param mixed $arguments the item to adjust
                     *
                     * @return void
                     */
                    public function setTypeFilter($arguments)
                    {
                        $arguments['types'] = array(990,991);
                    }

                4. Change the line:

                    $arguments['types'] = array(990,991);

                   To:

                    $arguments['types'] = array(991);

                With this change you can see the local users and LDAP admin users.

                1 Reply Last reply Reply Quote 0
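
The workaround steps above as one script, added here as an example (not code from the post or from the FOG Project): it keeps a backup of the hook file, changes the single line, and refuses to write unless exactly one line differs. The function name `apply_type_filter_change` is hypothetical, and the path passed to it depends on what `FOG_DIRECTORY` is on your server.

```shell
#!/bin/sh
# Added example: the one-line setTypeFilter change with a backup and a check.
# Usage (FOG_DIRECTORY is a placeholder, as in the post):
#   apply_type_filter_change "$FOG_DIRECTORY/lib/plugin/ldap/hooks/ldappluginhook.hook.php"

OLD_LINE="\$arguments['types'] = array(990,991);"
NEW_LINE="\$arguments['types'] = array(991);"

# Returns 0 if the file was patched or is already patched.
# Returns 1 on any problem and leaves the file untouched.
apply_type_filter_change() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # Already patched: nothing to do, so the script can be re-run safely.
    if grep -qF "$NEW_LINE" "$file" && ! grep -qF "$OLD_LINE" "$file"; then
        return 0
    fi

    # Refuse to edit unless the original line appears exactly once.
    count=$(grep -cF "$OLD_LINE" "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 match, found $count" >&2; return 1; }

    # Step 2: keep a pristine copy, never overwriting an older backup.
    [ -e "$file.ori" ] || cp -p "$file" "$file.ori" || return 1

    # Steps 3 and 4: make the change in a temporary file first.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    sed "s/array(990,991);/array(991);/" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Verify that exactly one line differs before touching the real file.
    changed=$(diff "$file" "$tmp" | grep -c '^>' || true)
    if [ "$changed" -ne 1 ]; then
        echo "unexpected diff ($changed lines), aborting" >&2
        rm -f "$tmp"
        return 1
    fi

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

To undo the change, copy `ldappluginhook.hook.php.ori` back over the hook file.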