HI I'm trying to integrate Omnisci Immerse with our Active directory environment. So far i have managed to be able to get users to authenticate. However I cannot get the Super User function working.
I have created two groups in AD, Omnisciusers and Omnscisuper
I have created a role called Omnsciusers in immerse and assigned the Access privilege to it . My omnisci conf contains the following:
ldap-uri = "ldap://10.121.32.5" ldap-dn = "cn=$USERNAME,cn=users,dc=liegetest,dc=com" ldap-role-query-url = "ldap://10.121.32.5/cn=$USERNAME,cn=users,dc=liegetest,dc=com?memberOf" ldap-role-query-regex = "(Omniscius.*?)," ldap-superuser-role = "Omniscisuper"
The results of the above are:
if I add a AD user to the Omnisciusers group they can log in If I add a user to the Omniscisuper group, they are denied access If I add the same user that is in omniscisuper group to omnisiusers they can log in however are not assigned the super role
If I change the conf file to this: ldap-role-query-regex = "(Omniscius.*?)," ldap-superuser-role = "Omniscusers"
Both the users added above can log in and are both assigned super role.
Welcome to the community forum.
Taking a quick look at your configuration, it looks like the parameter.
ldap-role-query-regex = “(Omniscius.*?),”
It has a wrong value, so I can't get how the roles can get correctly detected.
Have you tried to run the curl command suggested on docs?
curl --user "uid=kiran,cn=users,cn=accounts,dc=mycompany,dc=com" "ldap://myldapserver.mycompany.com/uid=kiran,cn=users,cn=accounts,dc=mycompany,dc=com?memberOf"
and the process the results with SED or a similar command to see if the Regex expression match your role names
I cannot try the entire environment right now, but using this filter.
ldap-role-query-regex = (Omnisci.*?),
Assuming the roles are called Omnisciusers and Omniscisuper, it's going to match both when I tried with regex101.
I will try to reproduce everything asap, in the meanwhile could you post the logfile
As suggested into the documentation?
p.s. Are you using the Free Edition of tìout Software?
Please sign in to leave a comment.