[SOLVED] CMapServer searches LDAP for users but not groups

Having problems with IHMC CmapServer? Think you have found a bug? Let us know!
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Post Reply
camerongoble
Posts: 8
Joined: Mon Sep 13, 2010 4:31 pm

[SOLVED] CMapServer searches LDAP for users but not groups

Post by camerongoble » Mon Sep 13, 2010 4:54 pm

Hello,

Situation:
I'm having trouble configuring permissions to work via LDAP groups. I can currently authenticate to CMapServer with an LDAP account. I cannot use groups from the LDAP tree to assign permissions to a folder, though. I can assign permissions to individual users in the LDAP tree but not to groups.

Environment:
I have a folder in which I explicitly granted user rights to an LDAP user. I connect to Server with Tools as that user. I can create new maps and save them.

Using:
* CMapServer for Linux 5.04 on Ubuntu 10.4
* CMapTools for Windows 5.04 on WinXP, 32bit mode

I want to assign rights to the folder for an LDAP group called "Teachers" which exists in the "group" ou. I right-click on the folder in the Tools directory and select Permissions. From the Permissions List I select Add User. I click Browse, then set the User Type to "Group" and hit Search. No results appear. If I set user type to "All" or "Individual" I do get the users from the LDAP people ou.

My users are members of the groups, as listed in each group's memberUid attributes.

LDAP options from serverconfig.txt:

Code: Select all

# DN of the container where individual users are stored
ldap.user.directory.usersBaseDN=ou\=people,dc\=myownserver,dc\=com

# DN of the container where groups are stored
ldap.user.directory.groupsBaseDN=ou\=groups,dc\=myownserver,dc\=com

# Name of the attribute which holds the user's ID
ldap.user.directory.userAttr=uid

# Name of the attribute which holds the group's ID
ldap.user.directory.groupAttr=cn
The LDAP tree:

Code: Select all

dc=myownserver,cd=com
+--> ou=groups
| ---> cn=Admins
| ---> cn=Facilitator
| ---> cn=Leadership
| ---> cn=Teacher
+--> ou=people
| ---> cn=Cameron Goble
| ---> cn=CMapServer Admin
| ---> cn=Testy Testerson
Am I misusing the permissions tool? I don't see any example screenshots of how to select a group for permissions, so I'm not sure.

Thanks very much for your help!

Cameron Goble
Albuquerque NM USA
Last edited by camerongoble on Wed Sep 15, 2010 9:59 am, edited 1 time in total.

acanas
Posts: 752
Joined: Tue Mar 17, 2009 5:52 pm

Re: CMapServer searches LDAP for users but not groups

Post by acanas » Mon Sep 13, 2010 6:11 pm


camerongoble
Posts: 8
Joined: Mon Sep 13, 2010 4:31 pm

Re: CMapServer searches LDAP for users but not groups

Post by camerongoble » Tue Sep 14, 2010 9:30 am

Yes, that was the first place I looked when I started investigating LDAP in the first place. I see guidance for users, but not group permissions. Am I missing something?

acanas
Posts: 752
Joined: Tue Mar 17, 2009 5:52 pm

Re: CMapServer searches LDAP for users but not groups

Post by acanas » Tue Sep 14, 2010 3:52 pm

In order to be recognized by CmapTools, the LDAP groups must have one of
the following types of objectclass:

groupOfUniqueNames
groupOfNames
groupOfURLs

Also, make sure that your group objects are being indexed for searching
by your LDAP server, in particular the "cn" attribute needs to be
indexed with substring matching.

camerongoble
Posts: 8
Joined: Mon Sep 13, 2010 4:31 pm

Re: CMapServer searches LDAP for users but not groups

Post by camerongoble » Tue Sep 14, 2010 4:49 pm

The groupofUniqueNames objectClass worked! I'm using phpLDAPadmin 1.2.0.5, and it comes with an array of easily confusable group templates that use different objectClasses.

I had been using Posix Group. I rebuilt my groups with the User Group template, and that had the groupOfNames objectClass. I'm still learning about how schemas work, but this made the groups searchible in CmapTools's permissions.

Thank you!
Cameron

pacificshore
Posts: 3
Joined: Fri Nov 05, 2010 11:44 pm

Re: [SOLVED] CMapServer searches LDAP for users but not groups

Post by pacificshore » Fri Nov 05, 2010 11:48 pm

Hi Guys,

Thanks for the information that i read,
BTW im a newly one in this site but i learned lot of ideas.
Thanks for having me here for sharing ideas.God bless.

how to treat depression

Post Reply