Archived community.zenoss.org | full text search
2088 Views 3 Replies Latest reply: Nov 10, 2011 9:21 AM by dpetzel
Joe Lemaire Newbie 2 posts since
Nov 8, 2011

Nov 9, 2011 3:50 PM

ActiveDirectory with Groups - All or nothing

All,

 

I am running Zenoss 3.2.1 on CentOS 5.7 (i386), and am having an issue with my AD integration. I've installed the ActiveDirectory and LDAP multi-plugins, and configured them according to this guide: docs/DOC-2510. I've got the binding to work with the 'Default User Role' being Anonymous (see attached pic1.png), and have set up my AD group to map to the Zope groups (see attached pic2.png). This then lets my Domain Admins into Zenoss with the correct privilege. However, adding in the AD group seems to also give all AD users, regardless of their membership in the specified AD group, the access specified. So, per pic2.png, adding in the Domain Admins group as ZopeManagers gives all users that privilege, not just Domain Admins. If I remove the group, everyone has anonymous access, as expected.

 

Any thoughts? Thanks in advance!

 

~Joe

  • dpetzel Rank: Brown Belt 1,141 posts since
    Oct 17, 2010
    1. Nov 9, 2011 8:09 PM (in response to Joe Lemaire)
    Re: ActiveDirectory with Groups - All or nothing

    I compared my settings (3.2.1 on RHEL 5.6). My configuration is just a little different than yours and that DOC.  I'm not sure either will matter, but throwing them out just in case.

     

    1) We don't map domain admins --> manager, but instead we use a separate group which my team is a member of. My team isn't in the Domain Admins group so I can't test this, but maybe try creating a new group "Zenoss Admins", making all the current members of Domain Admins members of that group, and using that group instead of Domain Admins.

     

    2) For "Group mapping (Applies to LDAP group storage only)" I'm set to automatic mapping rather than manual. Not sure if you've tried that already or not, but maybe worth a shot.

  • dpetzel Rank: Brown Belt 1,141 posts since
    Oct 17, 2010
    3. Nov 10, 2011 9:21 AM (in response to Joe Lemaire)
    Re: ActiveDirectory with Groups - All or nothing

    I wish I could say I had some other ideas, but I'm afraid I don't.
