Situation:
I'm having trouble configuring permissions to work via LDAP groups. I can currently authenticate to CMapServer with an LDAP account. I cannot use groups from the LDAP tree to assign permissions to a folder, though. I can assign permissions to individual users in the LDAP tree but not to groups.
Environment:
I have a folder in which I explicitly granted user rights to an LDAP user. I connect to Server with Tools as that user. I can create new maps and save them.
Using:
* CMapServer for Linux 5.04 on Ubuntu 10.4
* CMapTools for Windows 5.04 on WinXP, 32bit mode
I want to assign rights to the folder for an LDAP group called "Teachers" which exists in the "group" ou. I right-click on the folder in the Tools directory and select Permissions. From the Permissions List I select Add User. I click Browse, then set the User Type to "Group" and hit Search. No results appear. If I set user type to "All" or "Individual" I do get the users from the LDAP people ou.
My users are members of the groups, as listed in each group's memberUid attributes.
LDAP options from serverconfig.txt:
Code: Select all
# DN of the container where individual users are stored
ldap.user.directory.usersBaseDN=ou\=people,dc\=myownserver,dc\=com
# DN of the container where groups are stored
ldap.user.directory.groupsBaseDN=ou\=groups,dc\=myownserver,dc\=com
# Name of the attribute which holds the user's ID
ldap.user.directory.userAttr=uid
# Name of the attribute which holds the group's ID
ldap.user.directory.groupAttr=cn
Code: Select all
dc=myownserver,cd=com
+--> ou=groups
| ---> cn=Admins
| ---> cn=Facilitator
| ---> cn=Leadership
| ---> cn=Teacher
+--> ou=people
| ---> cn=Cameron Goble
| ---> cn=CMapServer Admin
| ---> cn=Testy Testerson
Thanks very much for your help!
Cameron Goble
Albuquerque NM USA