Membership of Roles

Hello

I am testing integration of 389-ds with a blogging system. I plan to use roles instead of groups to automatically give users rights to service on the blog system. However, I am having problems with the system identifying members of roles. I need help with defining the correct search parameters to identify which roles a uid or cn is a member of.

From within the blog system I’m using LDAPGroupFilter (objectclass=ldapSubEntry) to list the roles. The roles list correctly as groups within the blog system.

From within 389 the members of roles are configured as filtered, and I can see the configured members using the Directory Server GUI.

The blog system is not identifying members of roles when it does its search against 389. Note, users can log into the blog system using the accounts created on 389. I don’t think I am applying the correct search criteria to identify group membership. I need advice on creation of the correct search criteria for membership of roles/groups.

Sample log from access

[31/Aug/2013:11:09:39 +0100] conn=265 op=0 BIND dn="cn=Directory Manager" method=128 version=3

[31/Aug/2013:11:09:39 +0100] conn=265 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"

[31/Aug/2013:11:09:39 +0100] conn=265 op=1 SRCH base="dc=xxxx,dc=com" scope=2 filter="(&(mail=testuser16@xxxxxxxx)(objectClass=*))" attrs="distinguishedName"

[31/Aug/2013:11:09:39 +0100] conn=265 op=1 RESULT err=0 tag=101 nentries=1 etime=0

[31/Aug/2013:11:09:39 +0100] conn=265 op=2 BIND dn="uid=1000016,ou=Customers,dc=xxxx,dc=com" method=128 version=3

[31/Aug/2013:11:09:39 +0100] conn=265 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=1000016,ou=customers,dc=xxxx,dc=com"

[31/Aug/2013:11:09:39 +0100] conn=265 op=3 BIND dn="cn=Directory Manager" method=128 version=3

[31/Aug/2013:11:09:39 +0100] conn=265 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"

[31/Aug/2013:11:09:39 +0100] conn=265 op=4 SRCH base="dc=xxxx,dc=com" scope=2 filter="(&(mail=testuser16@xxxxxxxx)(objectClass=*))" attrs="uid mail cn mail distinguishedName"

[31/Aug/2013:11:09:39 +0100] conn=265 op=4 RESULT err=0 tag=101 nentries=1 etime=0

[31/Aug/2013:11:09:39 +0100] conn=265 op=5 SRCH base="dc=xxxx,dc=com" scope=2 filter="(|(uid=1000016))" attrs="nsRole"

[31/Aug/2013:11:09:39 +0100] conn=265 op=5 RESULT err=0 tag=101 nentries=1 etime=0

[31/Aug/2013:11:09:39 +0100] conn=265 op=6 SRCH base="ou=customers,dc=xxxx,dc=com" scope=2 filter="(&(|(member=cn=xxxxrolecommentertest,ou=customers,dc=xxxx,dc=com))(objectClass=ldapSubEntry))" attrs="cn cn member nsUniqueId"

[31/Aug/2013:11:09:39 +0100] conn=265 op=6 RESULT err=0 tag=101 nentries=0 etime=0

[31/Aug/2013:11:09:39 +0100] conn=265 op=7 UNBIND

[31/Aug/2013:11:09:39 +0100] conn=265 op=7 fd=68 closed - U1

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
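
An added example, not part of the original post: a Python sketch that pairs each SRCH in the access-log excerpt above with its RESULT by conn/op and reports the searches that matched nothing. The function names are hypothetical and the log lines are copied from the post; it shows that the nsRole lookup (op=5) returned an entry, while the follow-up search (op=6), which tests the member attribute on ldapSubEntry entries, returned none.

```python
import re

# Access-log lines copied from the post above (ops 4-6 of conn=265).
LOG = r'''
[31/Aug/2013:11:09:39 +0100] conn=265 op=4 SRCH base="dc=xxxx,dc=com" scope=2 filter="(&(mail=testuser16@xxxxxxxx)(objectClass=*))" attrs="uid mail cn mail distinguishedName"
[31/Aug/2013:11:09:39 +0100] conn=265 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[31/Aug/2013:11:09:39 +0100] conn=265 op=5 SRCH base="dc=xxxx,dc=com" scope=2 filter="(|(uid=1000016))" attrs="nsRole"
[31/Aug/2013:11:09:39 +0100] conn=265 op=5 RESULT err=0 tag=101 nentries=1 etime=0
[31/Aug/2013:11:09:39 +0100] conn=265 op=6 SRCH base="ou=customers,dc=xxxx,dc=com" scope=2 filter="(&(|(member=cn=xxxxrolecommentertest,ou=customers,dc=xxxx,dc=com))(objectClass=ldapSubEntry))" attrs="cn cn member nsUniqueId"
[31/Aug/2013:11:09:39 +0100] conn=265 op=6 RESULT err=0 tag=101 nentries=0 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) (SRCH|RESULT) (.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(rest):
    """Split key=value / key="quoted value" pairs of one log record."""
    return {k: (q if q else b) for k, q, b in FIELD.findall(rest)}

def searches(log):
    """Pair each SRCH with its RESULT by (conn, op)."""
    ops = {}
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        ops.setdefault((int(conn), int(op)), {})[kind] = parse_fields(rest)
    out = []
    for key in sorted(ops):
        rec = ops[key]
        if 'SRCH' in rec and 'RESULT' in rec:
            s, r = rec['SRCH'], rec['RESULT']
            out.append({'op': key[1], 'base': s['base'], 'filter': s['filter'],
                        'attrs': s.get('attrs', '').split(),
                        'nentries': int(r['nentries'])})
    return out

def empty_searches(log):
    """Searches that completed but matched no entries."""
    return [s for s in searches(log) if s['nentries'] == 0]

def asserted_attrs(ldap_filter):
    """Attribute names tested in a filter, e.g. member, objectClass."""
    return re.findall(r'\(([A-Za-z][\w;-]*)[~<>]?=', ldap_filter)

if __name__ == "__main__":
    for s in empty_searches(LOG):
        print(s['op'], s['base'], asserted_attrs(s['filter']))
```

In 389 Directory Server, role membership is exposed through the computed nsRole attribute on the user entry, so a role entry carries no member values for the op=6 filter to match.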
