Hi Dean,
Thanks for the response. I was able to add the LDAP group using the command
line, but the desktop admin console still did not display groups. I
added memberUid in the LdapGroupFilter and LdapGroupSearchFilter. Here
is what I added:
<context-param>
  <param-name>com.sun.tta.confmgr.LdapGroupFilter</param-name>
  <param-value><![CDATA[(&(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))(|(member=*)(uniquemember=*)(memberUid=*)))]]></param-value>
</context-param>
<context-param>
  <param-name>com.sun.tta.confmgr.LdapGroupSearchFilter</param-name>
  <param-value><![CDATA[(&(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))(|(member=*)(uniquemember=*)(memberUid=*))(|(dc=$SEARCH_STRING)(o=$SEARCH_STRING)(ou=$SEARCH_STRING)(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING)))]]></param-value>
</context-param>
What I am not sure of is whether I need to update anything more. I am not sure
what values are in
"(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"
Should these be updated as well? If so, could you provide an example?
I did an ldap search giving the base search up to and including the
actual group.
e.g. ldapsearch -h ldaphost -b "cn=mygroup,ou=group,dc=Data,dc=company,dc=com" "memberUid=*"
version: 1
dn: cn=mygroup,ou=group,dc=Data,dc=company,dc=com
memberUid: bob
memberUid: bill
objectClass: posixGroup
objectClass: top
gidNumber: 55003
cn: it
Thanks,
David
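
Added example, not part of either message and not SGD code: a small Python evaluator for the subset of LDAP filter syntax used above, run against the group entry from the ldapsearch output. It shows which clause of the posted LdapGroupFilter rejects an entry whose objectClass is posixGroup; the candidate filter with (objectclass=posixGroup) is an assumption, and whether the Admin Console then lists the group is not confirmed in this thread.

```python
# Added example: evaluates a subset of RFC 4515 filters (&, |, !, equality,
# presence) against one entry. No substring matches or escapes are handled.

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter node against a normalised entry."""
    if node[0] == "=":
        values = entry.get(node[1], [])
        return bool(values) if node[2] == "*" else node[2] in values
    op, kids = node
    results = [matches(k, entry) for k in kids]
    return all(results) if op == "&" else any(results) if op == "|" else not results[0]

def check(filter_text, entry):
    """True if entry matches filter_text; names and values compare case-insensitively."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return matches(node, {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()})

# Entry transcribed from the ldapsearch output in the message above.
GROUP_ENTRY = {"objectClass": ["posixGroup", "top"], "memberUid": ["bob", "bill"],
               "gidNumber": ["55003"], "cn": ["it"]}
MEMBERS = "(|(member=*)(uniquemember=*)(memberUid=*))"
CLASSES = "(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames)"
POSTED_FILTER = "(&(|" + CLASSES + ")" + MEMBERS + ")"
# Assumption: candidate that also accepts the entry's own objectClass.
CANDIDATE_FILTER = "(&(|" + CLASSES + "(objectclass=posixGroup))" + MEMBERS + ")"

if __name__ == "__main__":
    for name, flt in (("posted", POSTED_FILTER), ("candidate", CANDIDATE_FILTER)):
        print(name, check(flt, GROUP_ENTRY))
```
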
Hi David,
It sounds like the Admin Console doesn't recognize the group objects.
Are they of a custom type? You can confirm this by using the ldapsearch
command to retrieve the objectClass attributes of one of the group objects:
## Note you only need the -D -w options if your directory server doesn't
## allow anonymous searches.
# ldapsearch -h <ldap-server> [-D <bind_dn> -w -] -b <dn_of_a_group> "*" objectclass
The Admin Console, by default, matches the following filter:
"(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"
This can be customized if needed by editing
/opt/tarantella/webserver/tomcat/<tc_version>/webapps/sgdadmin/WEB-INF/web.xml
and changing the LdapGroupFilter parameter.
Also, you could try adding the group assignment from the command line:
# /opt/tarantella/bin/tarantella object edit \
--name "o=Applications/<application_object_name>" \
--ldapgroups "<dn_of_a_group>"
Hope this helps,
-- DD
David Worth wrote:
Hi,
I just recently installed SGD version 4.41 on Solaris 10. I want to
authenticate against Sun's Java System Directory, formerly known as
Sun One Directory Server. I was successfully able to set up LDAP and I
am able to see users, however when I go to browse groups, I get no
objects found. I am doing this while adding a group to assigned user
profiles for an application.
I followed the steps in the SGD documentation as far as adding an
attribute for SGD when searching groups. The members of the group are
added to memberUid. I also added the uid to the short name
attribute. Here is what I added:
tarantella config list --com.sco.jndi.toolkit.utils.LDAPUserCollection.properties-directAttributes
directAttributes: { uniquemember, member, uniqueMember, memberUid }
tarantella config list --com.sco.jndi.toolkit.utils.LDAPUserCollection.properties-userShortAttributes
userShortAttributes: { uid }
Is there something else that I am missing? I am guessing there is
another step, since at this point I can not even browse any of the
groups, i.e. when I click on groups in the admin window, I get none
found.
Thanks for any help.
Regards
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users