Tags:
create new tag
view all tags

SID-01152: Access Control through Ldap Groups not working

Status: Answered Answered TWiki version: 5.0.1 Perl version: 5.8.8
Category: CategoryAccessControl Server OS: centos 5.5 Last update: 14 years ago

Hi,

I have successfully implemented Authetication via LDAP using ldap contrib , users are able to login fine ...when I try to set access control by going to WebPreferences.txt , it works for individual Ldap users but not for ldap groups .

In the log when I check it is adding the relevant groups but the last line in the log shows

{ LdapUserMapping - called eachGroupMember(TWikiAdminGroup) }

This group is not there in ldap and have excluded this by going into . $TWiki::cfg{Ldap}{Exclude}

Groupsettings are as follows in LocalSite.cfg

$TWiki::cfg{Ldap}{GroupBase} = 'ou=All Users,dc=xxx,dc=xxxx,dc=com'; $TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group'; $TWiki::cfg{Ldap}{GroupScope} = 'sub'; $TWiki::cfg{Ldap}{GroupAttribute} = 'cn'; $TWiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber'; $TWiki::cfg{Ldap}{MemberAttribute} = 'memberUid'; $TWiki::cfg{Ldap}{InnerGroupAttribute} = 'memberUid'; $TWiki::cfg{Ldap}{MemberIndirection} = 1; $TWiki::cfg{Ldap}{WikiGroupsBackoff} = 0; $TWiki::cfg{Ldap}{MapGroups} = 1; $TWiki::cfg{Ldap}{RewriteGroups} = {}; $TWiki::cfg{Ldap}{MergeGroups} = 1; $TWiki::cfg{Ldap}{MaxCacheAge} = '50'; $TWiki::cfg{Ldap}{Precache} = 1; $TWiki::cfg{Ldap}{PageSize} = 500; $TWiki::cfg{Ldap}{Exclude} = 'WikiGuest, ProjectContributor, RegistrationAgent, UnknownUser, AdminGroup, NobodyGroup, AdminUser, TWikiAdminGroup,admin, guest'; 1;

-- TWikiGuest - 2011-04-21

Discussion and Answer

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2011-06-16

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Answered
Title Access Control through Ldap Groups not working
SupportCategory CategoryAccessControl
TWiki version 5.0.1
Server OS centos 5.5
Web server 2.2.3
Perl version 5.8.8
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2011-06-16 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.