Hi Dean,
Thanks again, that worked! I can now access groups in the admin console.
Just curious, is there a list of all of the object classes available? I
am surprised that posixgroups is not already in the web.xml, since
the Sun One LDAP is supported.
Thanks again.
Regards,
David
Hi David,
As the objectClass for your group is posixGroup I would recommend
modifying your web.xml to the following:
--- CUT ---
<context-param>
  <param-name>com.sun.tta.confmgr.LdapGroupFilter</param-name>
  <param-value><![CDATA[(&(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=posixgroup))(|(member=*)(uniquemember=*)(memberUid=*)))]]></param-value>
</context-param>
<context-param>
  <param-name>com.sun.tta.confmgr.LdapGroupSearchFilter</param-name>
  <param-value><![CDATA[(&(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=posixgroup))(|(member=*)(uniquemember=*)(memberUid=*))(|(dc=$SEARCH_STRING)(o=$SEARCH_STRING)(ou=$SEARCH_STRING)(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING)))]]></param-value>
</context-param>
---END---
Notice the added (objectclass=posixgroup) in both. This should allow the
Admin Console to see your new group.
Hope this helps,
-- DD
David Worth wrote:
Hi Dean,
Thanks for the response. I was able to add an LDAP group using the command
line, but the desktop admin console still did not display groups. I
added memberUid in the LdapGroupFilter and LdapGroupSearchFilter.
Here is what I added:
<context-param>
  <param-name>com.sun.tta.confmgr.LdapGroupFilter</param-name>
  <param-value><![CDATA[(&(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))(|(member=*)(uniquemember=*)(memberUid=*)))]]></param-value>
</context-param>
<context-param>
  <param-name>com.sun.tta.confmgr.LdapGroupSearchFilter</param-name>
  <param-value><![CDATA[(&(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))(|(member=*)(uniquemember=*)(memberUid=*))(|(dc=$SEARCH_STRING)(o=$SEARCH_STRING)(ou=$SEARCH_STRING)(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING)))]]></param-value>
</context-param>
I am not sure if I need to update anything more. I am not sure
what values are in
"(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"
Should these be updated as well? If so, could you provide an example?
I did an LDAP search giving the base search up to and including the
actual group, e.g.
ldapsearch -h ldaphost -b "cn=mygroup,ou=group,dc=Data,dc=company,dc=com" "memberUid=*"
version: 1
dn: cn=mygroup,ou=group,dc=Data,dc=company,dc=com
memberUid: bob
memberUid: bill
objectClass: posixGroup
objectClass: top
gidNumber: 55003
cn: it
Thanks,
David
Hi David,
It sounds like the Admin Console doesn't recognize the group objects.
Are they of a custom type? You can confirm this by using the
ldapsearch command to retrieve the objectClass attributes of one of
the group objects:
## Note you only need the -D -w options if your directory server doesn't allow anonymous searches.
# ldapsearch -h <ldap-server> [-D <bind_dn> -w -] -b <dn_of_a_group> "*" objectclass
The Admin Console, by default, matches the following filter:
"(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))"
This can be customized if needed by editing
/opt/tarantella/webserver/tomcat/<tc_version>/webapps/sgdadmin/WEB-INF/web.xml
and changing the LdapGroupFilter parameter.
Also, you could try adding the group assignment from the command line:
# /opt/tarantella/bin/tarantella object edit \
--name "o=Applications/<application_object_name>" \
--ldapgroups "<dn_of_a_group>"
Hope this helps,
-- DD
David Worth wrote:
Hi,
I just recently installed SGD version 4.41 on Solaris 10. I want to
authenticate against Sun's Java System Directory, formerly known as
Sun One Directory Server. I was successfully able to set up LDAP and
I am able to see users, however when I go to browse groups, I get no
objects found. I am doing this while adding a group to assigned
user profiles for an application.
I followed the steps in the SGD documentation as far as adding an
attribute for SGD when searching groups. The members of the group
are added to memberUid. I also added the uid to the short name
attribute. Here is what I added:
tarantella config list --com.sco.jndi.toolkit.utils.LDAPUserCollection.properties-directAttributes
directAttributes: { uniquemember, member, uniqueMember, memberUid }
tarantella config list --com.sco.jndi.toolkit.utils.LDAPUserCollection.properties-userShortAttributes
userShortAttributes: { uid }
Is there something else that I am missing? I am guessing there is
another step, since at this point I can not even browse any of the
groups, i.e. when I click on groups in the admin window, I get none
found.
Thanks for any help.
Regards
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users
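
Added example (not part of the original thread, and not SGD code): a small filter evaluator that checks the three group filters discussed above against the posixGroup entry from the ldapsearch output, showing why adding memberUid alone was not enough. The entry dictionary and all function names are constructed for illustration.

```python
# Added example: minimal LDAP filter evaluator (&, |, !, equality, presence only).
# ENTRY is constructed from the ldapsearch output quoted in the thread.
ENTRY = {"objectClass": ["posixGroup", "top"], "memberUid": ["bob", "bill"],
         "gidNumber": ["55003"], "cn": ["it"]}
CLASSES = "(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames)"
MEMBERS = "(|(member=*)(uniquemember=*)(memberUid=*))"
DEFAULT_FILTER = f"(|{CLASSES})"                                       # Admin Console default
MEMBERUID_ONLY = f"(&(|{CLASSES}){MEMBERS})"                           # first attempt
WITH_POSIXGROUP = f"(&(|{CLASSES}(objectclass=posixgroup)){MEMBERS})"  # working filter

def parse(text, pos=0):
    """Parse one parenthesised filter starting at text[pos]; return (node, next_pos)."""
    if not text.startswith("(", pos):
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, children = text[pos], []
        pos += 1
        while text.startswith("(", pos):
            child, pos = parse(text, pos)
            children.append(child)
        if not children or not text.startswith(")", pos):
            raise ValueError(f"malformed '{op}' group near offset {pos}")
        return (op, children), pos + 1
    end = text.index(")", pos)  # raises ValueError if the item is never closed
    attr, sep, value = text[pos:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"expected attr=value near offset {pos}")
    return ("=", attr.lower(), value.lower()), end + 1

def evaluate(node, attrs):
    """Evaluate a parsed filter against {lowercased attr: [lowercased values]}."""
    if node[0] == "&":
        return all(evaluate(c, attrs) for c in node[1])
    if node[0] == "|":
        return any(evaluate(c, attrs) for c in node[1])
    if node[0] == "!":
        return not evaluate(node[1][0], attrs)
    values = attrs.get(node[1], [])
    return bool(values) if node[2] == "*" else node[2] in values

def entry_visible(filter_text, entry=ENTRY):
    """True if the entry matches the filter; comparison is case-insensitive,
    which is correct for objectClass and a simplification for other attributes."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    return evaluate(node, attrs)
```

The memberUid-only filter still fails because the objectclass clause is ANDed with the membership clause, so an entry whose only structural class is posixGroup never reaches the membership test.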