I think my problem is looking up the 'member' field in my groups. That seems to be populated with CNs.
On 14 April 2015 at 15:24, Parisi, Justin <Justin.Parisi@netapp.com> wrote:
There’s probably a way to adjust the LDAP schema in DFM to do a lookup of an attribute other than CN, such as gecos, sAMAccountName or something similar.
I’d make that the focus of your efforts. That way, you don’t have to re-arrange architecture.
*From:* toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] *On Behalf Of* Edward Rolison
*Sent:* Tuesday, April 14, 2015 8:35 AM
*To:* Jordan Slingerland
*Cc:* toasters@teaparty.net
*Subject:* Re: DFM LDAP auth/Linux
Sorry, should have been a little clearer - I tried switching off LDAP:
If I do 'dfm user add -r GlobalFullControl someuser' it reports 'does not exist, login disabled'. If I do so for _my_ user account on the Linux host (which is LDAP integrated) it doesn't complain.
However, DFM won't let me login as this user.
On 14 April 2015 at 13:25, Jordan Slingerland <Jordan.Slingerland@independenthealth.com> wrote:
What exactly do you mean by it recognizes the account but does not seem to allow password auth?
Can you run “dfm user add -r GlobalFullControl <ldap user>” (or whatever permissions make sense for this user)?
If not, you should be able to configure /etc/nsswitch.conf to check if a local account exists, looking locally before going out to LDAP. It sounds like you might have been going down that trail already.
--JMS
*From:* toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] *On Behalf Of* Edward Rolison
*Sent:* Tuesday, April 14, 2015 6:56 AM
*To:* toasters@teaparty.net
*Subject:* DFM LDAP auth/Linux
I've been setting up a new instance of DFM on Linux, and have started configuring up DFM.
I've finally figured out why it's not been working though - it's because the 'CN' for all our accounts contains a bracket.
CN=Full Name (unixID)
This leaves me in a bit of an irritating position. I can't change my account config across my active directory - at least not very easily.
Can I do 'LDAP auth' via the local system somehow? I can log in to my DFM box as me, and when I add my user... it recognises the account. But it doesn't seem to allow a password auth (not unless I set a local account, which is a route that'll mean having to wrangle with security).
Anyone else run into this problem or got a line of investigation?
(I have a ticket open, but this feels like the sort of thing that's irritatingly difficult to 'fix' on the fly).