Hi Stefan

On Mon, 22 Aug 2016 10:58:35 -0700 (PDT)
Stefan Heijmans <[email protected]> wrote:

> Hi,
>
> Are AD nested groups supported with Foreman?
> As I cannot login with a user which is a member of a nested group, a user
> directly in a group works fine.
>
>
> The rake ldap:refresh_usergroups task gives the following error message;
> User group <group> could not be refreshed - LDAP source LDAP-<ldap> not
> available: LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
[...]

Looks similar to http://projects.theforeman.org/issues/16231.

In our case nested groups work though, it looks like this:

* foreman_admins (group)
  - server_admins (group)
  - user2
* foreman_users (group)
  - user3
  - user4

It also works on filters by using the LDAP_MATCHING_RULE_IN_CHAIN flag:

    filter = memberOf:1.2.840.113556.1.4.1941:=cn=mygroup,ou=foo,ou=bar...

Cheers
Michael
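
Added example, not part of the message above and not Foreman or ldap_fluff code: a Python sketch that builds the memberOf filter with the LDAP_MATCHING_RULE_IN_CHAIN OID quoted above (escaping the group DN per RFC 4515) and models, on an in-memory directory, the difference between a direct and an in-chain membership match. The DNs, the nesting of user2 under server_admins, and all function names are assumptions made for illustration.

```python
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def direct_filter(group_dn):
    """Matches only entries that list the group in memberOf directly."""
    return "(memberOf=%s)" % escape_filter_value(group_dn)

def in_chain_filter(group_dn):
    """Matches entries that reach the group through any depth of nesting."""
    return "(memberOf:%s:=%s)" % (IN_CHAIN_OID, escape_filter_value(group_dn))

# Constructed sample directory: group DN -> member DNs. It assumes user2 sits
# in server_admins, which is nested in foreman_admins.
BASE = "dc=example,dc=com"
DIRECTORY = {
    "cn=foreman_admins," + BASE: ["cn=server_admins," + BASE],
    "cn=server_admins," + BASE: ["cn=user2," + BASE],
    "cn=foreman_users," + BASE: ["cn=user3," + BASE, "cn=user4," + BASE],
}

def direct_users(directory, group_dn):
    """Users the plain memberOf filter would match (no nesting followed)."""
    return {m for m in directory.get(group_dn, []) if m not in directory}

def users_in_chain(directory, group_dn):
    """Users the in-chain filter would match: walk nested groups, and track
    visited groups so that circular nesting terminates."""
    seen, users, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue
        seen.add(dn)
        for member in directory.get(dn, []):
            if member in directory:
                stack.append(member)   # nested group: descend
            else:
                users.add(member)      # leaf entry: a user
    return users

if __name__ == "__main__":
    admins = "cn=foreman_admins," + BASE
    print(direct_filter(admins), sorted(direct_users(DIRECTORY, admins)))
    print(in_chain_filter(admins), sorted(users_in_chain(DIRECTORY, admins)))
```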
