There’s probably a way to adjust the LDAP schema in DFM to do a lookup of an attribute other than CN, such as gecos, sAMAccountName or something similar.

 

I’d make that the focus of your efforts. That way, you don’t have to re-arrange architecture.

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Edward Rolison
Sent: Tuesday, April 14, 2015 8:35 AM
To: Jordan Slingerland
Cc: toasters@teaparty.net
Subject: Re: DFM LDAP auth/Linux

 

Sorry, should have been a little clearer - I tried switching off LDAP:

If I do 'dfm user add -r GlobalFullControl someuser' it reports 'does not exist, login disabled'.
If I do so for _my_ user account on the Linux host (which is LDAP integrated) it doesn't complain.

However, DFM won't let me log in as this user.

 

On 14 April 2015 at 13:25, Jordan Slingerland <Jordan.Slingerland@independenthealth.com> wrote:

What exactly do you mean by it recognizes the account but does not seem to allow password auth?

 

Can you run “dfm user add -r GlobalFullControl <ldap user>” (or whatever permissions make sense for this user)

If not, you should be able to configure /etc/nsswitch.conf to look locally to check if a local account exists before going out to LDAP. It sounds like you might have been going down that trail already.

 

--JMS

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Edward Rolison
Sent: Tuesday, April 14, 2015 6:56 AM
To: toasters@teaparty.net
Subject: DFM LDAP auth/Linux

 

I've been setting up a new instance of DFM on Linux, and have started configuring up DFM. 

I've finally figured out why it's not been working though - it's because the 'CN' for all our accounts contains a bracket. 

CN=Full Name (unixID)

This leaves me in a bit of an irritating position. I can't change my account config across my active directory - at least not very easily. 

Can I do 'LDAP auth' via the local system somehow? I can log in to my DFM box as me, and when I add my user... it recognises the account. 
But it doesn't seem to allow a password auth (not unless I set a local account, which is a route that'll mean having to wrangle with security). 

Anyone else run into this problem or got a line of investigation?

(I have a ticket open, but this feels like the sort of thing that's irritatingly difficult to 'fix' on the fly).