[SOLVED] CMapServer searches LDAP for users but not groups

Posted: Mon Sep 13, 2010 4:54 pm
by camerongoble
Hello,

Situation:
I'm having trouble configuring permissions to work via LDAP groups. I can currently authenticate to CMapServer with an LDAP account. I cannot use groups from the LDAP tree to assign permissions to a folder, though. I can assign permissions to individual users in the LDAP tree but not to groups.

Environment:
I have a folder in which I explicitly granted user rights to an LDAP user. I connect to Server with Tools as that user. I can create new maps and save them.

Using:
* CMapServer for Linux 5.04 on Ubuntu 10.4
* CMapTools for Windows 5.04 on WinXP, 32bit mode

I want to assign rights to the folder for an LDAP group called "Teachers" which exists in the "group" ou. I right-click on the folder in the Tools directory and select Permissions. From the Permissions List I select Add User. I click Browse, then set the User Type to "Group" and hit Search. No results appear. If I set user type to "All" or "Individual" I do get the users from the LDAP people ou.

My users are members of the groups, as listed in each group's memberUid attributes.

LDAP options from serverconfig.txt:

# DN of the container where individual users are stored
ldap.user.directory.usersBaseDN=ou\=people,dc\=myownserver,dc\=com

# DN of the container where groups are stored
ldap.user.directory.groupsBaseDN=ou\=groups,dc\=myownserver,dc\=com

# Name of the attribute which holds the user's ID
ldap.user.directory.userAttr=uid

# Name of the attribute which holds the group's ID
ldap.user.directory.groupAttr=cn

The LDAP tree:

dc=myownserver,dc=com
+--> ou=groups
| ---> cn=Admins
| ---> cn=Facilitator
| ---> cn=Leadership
| ---> cn=Teacher
+--> ou=people
| ---> cn=Cameron Goble
| ---> cn=CMapServer Admin
| ---> cn=Testy Testerson

Am I misusing the permissions tool? I don't see any example screenshots of how to select a group for permissions, so I'm not sure.

Thanks very much for your help!

Cameron Goble
Albuquerque NM USA

Re: CMapServer searches LDAP for users but not groups

Posted: Mon Sep 13, 2010 6:11 pm
by acanas

Re: CMapServer searches LDAP for users but not groups

Posted: Tue Sep 14, 2010 9:30 am
by camerongoble
Yes, that was the first place I looked when I started investigating LDAP in the first place. I see guidance for users, but not group permissions. Am I missing something?

Re: CMapServer searches LDAP for users but not groups

Posted: Tue Sep 14, 2010 3:52 pm
by acanas
In order to be recognized by CmapTools, the LDAP groups must have one of
the following types of objectclass:

groupOfUniqueNames
groupOfNames
groupOfURLs

Also, make sure that your group objects are being indexed for searching
by your LDAP server, in particular the "cn" attribute needs to be
indexed with substring matching.

Re: CMapServer searches LDAP for users but not groups

Posted: Tue Sep 14, 2010 4:49 pm
by camerongoble
The groupOfUniqueNames objectClass worked! I'm using phpLDAPadmin 1.2.0.5, and it comes with an array of easily confusable group templates that use different objectClasses.

I had been using Posix Group. I rebuilt my groups with the User Group template, and that had the groupOfNames objectClass. I'm still learning about how schemas work, but this made the groups searchable in CmapTools's permissions.

Thank you!
Cameron
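
Added example, not part of the original thread and not CmapTools code: a Python check over an LDIF export that flags groups lacking the objectClasses acanas lists and, for Posix Group style entries, resolves each memberUid to the user DN that a groupOfNames member value holds. The LDIF is constructed sample data; the uid values and the function names are assumptions.

```python
RECOGNIZED = {"groupofuniquenames", "groupofnames", "groupofurls"}

# Constructed sample data; DNs follow the thread's tree, the uid values are assumptions.
SAMPLE_LDIF = """\
dn: cn=Cameron Goble,ou=people,dc=myownserver,dc=com
objectClass: inetOrgPerson
uid: cgoble

dn: cn=Teacher,ou=groups,dc=myownserver,dc=com
objectClass: posixGroup
memberUid: cgoble
memberUid: ttesterson

dn: cn=Admins,ou=groups,dc=myownserver,dc=com
objectClass: groupOfNames
member: cn=Cameron Goble,ou=people,dc=myownserver,
 dc=com
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]} dicts."""
    unfolded = text.replace("\n ", "")  # a leading space continues the previous line
    entries = []
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_groups(text, groups_base):
    """Return {group_dn: (recognized, proposed_member_dns)} for entries under groups_base."""
    entries = parse_ldif(text)
    uid_to_dn = {u.lower(): e["dn"][0] for e in entries for u in e.get("uid", [])}
    report = {}
    for e in entries:
        dn = e["dn"][0]
        if not dn.lower().endswith("," + groups_base.lower()):
            continue
        classes = {c.lower() for c in e.get("objectclass", [])}
        # memberUid holds a bare uid; look up the full DN, marking uids with no user entry.
        proposed = [uid_to_dn.get(u.lower(), "UNRESOLVED:" + u) for u in e.get("memberuid", [])]
        report[dn] = (bool(classes & RECOGNIZED), proposed)
    return report
```

Groups reported as not recognized are the ones to rebuild; an UNRESOLVED entry marks a memberUid with no matching user, which should be reviewed before the group is used to grant folder permissions.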

Re: [SOLVED] CMapServer searches LDAP for users but not groups

Posted: Fri Nov 05, 2010 11:48 pm
by pacificshore
Hi Guys,

Thanks for the information that I read.
BTW, I'm a new one on this site but I learned a lot of ideas.
Thanks for having me here for sharing ideas. God bless.
