Nov 9, 2011 3:50 PM
ActiveDirectory with Groups - All or nothing
-
Like (0)
All,
I am running Zenoss 3.2.1 on Centos 5.7 (i386), and am having an issue with my AD Integration. I've installed the ActiveDirectory and LDAP multi-plugins, and configured them according to this guide: docs/DOC-2510. I've got the binding to work with the 'Default User Role' being Anonymous (see attached pic1.png), and have setup my AD Group to map to the Zope Groups (see attached pic2.png). This then lets my Domain Admins into Zenoss with the correct privilege. However, adding in the AD group seems to also give all AD users, regardless of their membership to the specified AD group, the access specified. So, per pic2.png, adding in the Domain Admins group as ZopeManagers, gives all users that privilege, not just Domain Admins. If I remove the group, everyone has anonymous access, as expected.
Any thougths? Thanks in advance!
~Joe
I compared my settings (3.2.1 on RHEL 5.6). My configuration is just a little different than yours and that DOC. I'm not sure either will matter, but throwing them out just in case.
1) We don't map domain admins --> manager, but instead we use a seperate group which my team is a member of. My team isnt in the domain admins group so I can't test this, but maybe trying creating a new group "Zenoss Admins" and making all the current members of domains admins members of that group, and use that group instead of Domain Admins
2) For "Group mapping (Applies to LDAP group storage only)" I'm set to automatic mapping rather than manual. Not sure if you've tried that already or not, but maybe worth a shot.
Hey dpetzel,
Thanks for the response! Unfortunetly, I tried both, and neither worked. Any other thoughts?
Thanks,
~Joe
I wish I could say I had some other ideas, but I'm afraid I don't.
Follow Us On Twitter »
|
Latest from the Zenoss Blog » | Community | Products | Services Resources | Customers Partners | About Us | ||
Copyright © 2005-2011 Zenoss, Inc.
|
||||||||