LDAP Integration
Hi, I'm trying to integrate Omnisci Immerse with our Active Directory environment. So far I have managed to get users to authenticate. However, I cannot get the Super User function working.
I have created two groups in AD, Omnisciusers and Omnscisuper.
I have created a role called Omnsciusers in Immerse and assigned the Access privilege to it.
My omnisci conf contains the following:
ldap-uri = "ldap://10.121.32.5"
ldap-dn = "cn=$USERNAME,cn=users,dc=liegetest,dc=com"
ldap-role-query-url = "ldap://10.121.32.5/cn=$USERNAME,cn=users,dc=liegetest,dc=com?memberOf"
ldap-role-query-regex = "(Omniscius.*?),"
ldap-superuser-role = "Omniscisuper"
The results of the above are:
If I add an AD user to the Omnisciusers group, they can log in.
If I add a user to the Omniscisuper group, they are denied access.
If I add the same user that is in the omniscisuper group to omnisiusers, they can log in but are not assigned the super role.
If I change the conf file to this:
ldap-role-query-regex = "(Omniscius.*?),"
ldap-superuser-role = "Omniscusers"
Both the users added above can log in and are both assigned the super role.
Help appreciated
-
Hi @mixhali,
Welcome to the community forum.
Taking a quick look at your configuration, it looks like the parameter
ldap-role-query-regex = "(Omniscius.*?),"
has a wrong value, so I can't see how the roles can be correctly detected.
Have you tried to run the curl command suggested in the docs
curl --user "uid=kiran,cn=users,cn=accounts,dc=mycompany,dc=com" "ldap://myldapserver.mycompany.com/uid=kiran,cn=users,cn=accounts,dc=mycompany,dc=com?memberOf"
and then process the results with sed or a similar command to see whether the regex matches your role names?
I cannot try the entire environment right now, but using this filter:
ldap-role-query-regex = (Omnisci.*?),
Assuming the roles are called Omnisciusers and Omniscisuper, it matches both when I tried it with regex101.
I will try to reproduce everything ASAP; in the meantime, could you post the log file
$OMNISCI_STORAGE/mapd_log/omnisci_server.INFO
as suggested in the documentation?
Regards, Candido
P.S. Are you using the Free Edition of our software?
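Added example, not part of either post or of OmniSci's code: a Python check of which group names each ldap-role-query-regex value from this thread captures out of memberOf values, and whether the ldap-superuser-role is among them. The group DNs are constructed, and the matching model (capture group 1 is the role name, superuser requires exact equality with ldap-superuser-role) is an assumption.

```python
import re

# Constructed memberOf lines of the kind the curl query returns; the group DNs
# follow the layout of the poster's ldap-dn and are not real directory output.
SAMPLE_MEMBEROF = {
    "user_only": ["memberOf: CN=Omnisciusers,CN=Users,DC=liegetest,DC=com"],
    "super_only": ["memberOf: CN=Omniscisuper,CN=Users,DC=liegetest,DC=com"],
    "both": [
        "memberOf: CN=Omnisciusers,CN=Users,DC=liegetest,DC=com",
        "memberOf: CN=Omniscisuper,CN=Users,DC=liegetest,DC=com",
    ],
}


def extract_roles(memberof_lines, role_regex):
    """Return the role names captured by group 1 of role_regex, de-duplicated."""
    pattern = re.compile(role_regex)
    roles = []
    for line in memberof_lines:
        for match in pattern.finditer(line):
            role = match.group(1)
            if role not in roles:
                roles.append(role)
    return roles


def evaluate(memberof_lines, role_regex, superuser_role):
    """Assumed model: superuser only if a captured role equals superuser_role."""
    roles = extract_roles(memberof_lines, role_regex)
    return {"roles": roles, "has_role": bool(roles),
            "superuser": superuser_role in roles}


def report(role_regex, superuser_role):
    """Evaluate every constructed sample user against one regex/role pair."""
    return {user: evaluate(lines, role_regex, superuser_role)
            for user, lines in SAMPLE_MEMBEROF.items()}


if __name__ == "__main__":
    for regex in ("(Omniscius.*?),", "(Omnisci.*?),"):
        print(f"ldap-role-query-regex = {regex!r}")
        for user, result in report(regex, "Omniscisuper").items():
            print(f"  {user:10s} roles={result['roles']} "
                  f"superuser={result['superuser']}")
```

A regex that captures every group sharing a prefix also maps every such group to a role, so keep the prefix specific to the groups meant to grant access.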