[Davical-general] Automatically add members to (LDAP-) group


Gunnar Gorges
Hi everyone,

we are experimenting with importing LDAP-groups into Davical (config see
below).

After we were able to import a group we noticed that new users are not
automatically added to the group (in Davical). After manually syncing
LDAP groups with Davical they were added however.

This is not very practical in a large environment (we expect at least 50
groups when we roll out) because it produces a lot of administrative work.

Can anyone explain to me if this is intended behaviour, a mistake on my
end or simply not implemented (hopefully: yet)?

Thanks and cheers,
Gunnar

-- LDAP groupfilter --
*snip*

'baseDNGroups' => 'ou=group,o=ldap,o=root',
'filterGroups' => "(cn=testgroup)",
'group_mapping_field' => array("username" => "cn",
                            "updated" => "modifyTimestamp",
                            "fullname" => "gecos" ,
                            "members" => "memberUid"
                       ),

'default_value' => array("date_format_type" => "E"),
'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=>
array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
'startTLS' => 'yes',  // Require that TLS is used for LDAP?

*snip*

--
Gunnar Gorges
Central IT Services - ZMAW
Mail:[hidden email]
Tel.: +49 (0)40 41173 287



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

Re: Automatically add members to (LDAP-) group

Andrew McMillan
On Wed, 2012-07-18 at 11:07 +0200, Gunnar Gorges wrote:

> Hi everyone,
>
> we are experimenting with importing LDAP-groups into Davical (config see
> below).
>
> After we were able to import a group we noticed that new users are not
> automatically added to the group (in Davical). After manually syncing
> LDAP groups with Davical they were added however.
>
> This is not very practical in a large environment (we expect at least 50
> groups when we roll out) because it produces a lot of administrative work.
>
> Can anyone explain to me if this is intended behaviour, a mistake on my
> end or simply not implemented (hopefully: yet)?
Just to be clear...  are you saying that when a user logs in for the
first time, they are not being added to the LDAP groups that they are a
member of?

Or when a user logs in after their LDAP group memberships have changed,
their login details are not updated?  In either case it sounds like a
bug.

Cheers,
                                        Andrew.

>
> Thanks and cheers,
> Gunnar
>
> -- LDAP groupfilter --
> *snip*
>
> 'baseDNGroups' => 'ou=group,o=ldap,o=root',
> 'filterGroups' => "(cn=testgroup)",
> 'group_mapping_field' => array("username" => "cn",
>                             "updated" => "modifyTimestamp",
>                             "fullname" => "gecos" ,
>                             "members" => "memberUid"
>                        ),
>
> 'default_value' => array("date_format_type" => "E"),
> 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=>
> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
> 'startTLS' => 'yes',  // Require that TLS is used for LDAP?
>
> *snip*
>
--
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com                            +64(272)DEBIAN
           Haste makes waste.
                -- John Heywood
------------------------------------------------------------------------



Re: Automatically add members to (LDAP-) group

Gunnar Gorges
In reply to this post by Gunnar Gorges
Dear Ján,

> Use cron with the following script to automatically sync Davical with LDAP:
> /usr/share/davical/scripts/cron-sync-ldap.php

thanks for that, didn't know it.
I am not sure, though, that no underlying problem exists (see Andrew's mail).

> On Jul 18, 2012, at 11:07 AM, Gunnar Gorges <[hidden email]> wrote:
>
>> Hi everyone,
>>
>> we are experimenting with importing LDAP-groups into Davical (config see below).
>>
>> After we were able to import a group we noticed that new users are not automatically added to the group (in Davical). After manually syncing LDAP groups with Davical they were added however.
>>
>> This is not very practical in a large environment (we expect at least 50 groups when we roll out) because it produces a lot of administrative work.
>>
>> Can anyone explain to me if this is intended behaviour, a mistake on my end or simply not implemented (hopefully: yet)?
>>
>> Thanks and cheers,
>> Gunnar
>>
>> -- LDAP groupfilter --
>> *snip*
>>
>> 'baseDNGroups' => 'ou=group,o=ldap,o=root',
>> 'filterGroups' => "(cn=testgroup)",
>> 'group_mapping_field' => array("username" => "cn",
>>                            "updated" => "modifyTimestamp",
>>                            "fullname" => "gecos" ,
>>                            "members" => "memberUid"
>>                       ),
>>
>> 'default_value' => array("date_format_type" => "E"),
>> 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
>> 'startTLS' => 'yes',  // Require that TLS is used for LDAP?
>>
>> *snip*
>>
>> --
>> Gunnar Gorges
>> Central IT Services - ZMAW
>> Mail:[hidden email]
>> Tel.: +49 (0)40 41173 287
>>
>>
>

--
Gunnar Gorges
Central IT Services - ZMAW
Mail: [hidden email]
Tel.: +49 (0)40 41173 287





Re: Automatically add members to (LDAP-) group

Gunnar Gorges
In reply to this post by Andrew McMillan
Hi Andrew,

first of all thanks for your prompt answer!

Concerning your first question:
When a user logs in for the first time, they are indeed NOT added to the
LDAP-group they belong to. This only happens after manually syncing with
LDAP (or after the cronjob that Ján suggested ran for the first time).

As for the second question, the result is similar: When I remove a user
from the LDAP-group his membership in Davical remains as it is - until,
however, I run the script manually.

Thanks again for your help,
Gunnar

>> Hi everyone,
>>
>> we are experimenting with importing LDAP-groups into Davical (config see
>> below).
>>
>> After we were able to import a group we noticed that new users are not
>> automatically added to the group (in Davical). After manually syncing
>> LDAP groups with Davical they were added however.
>>
>> This is not very practical in a large environment (we expect at least 50
>> groups when we roll out) because it produces a lot of administrative work.
>>
>> Can anyone explain to me if this is intended behaviour, a mistake on my
>> end or simply not implemented (hopefully: yet)?
>
> Just to be clear...  are you saying that when a user logs in for the
> first time, they are not being added to the LDAP groups that they are a
> member of?
>
> Or when a user logs in after their LDAP group memberships have changed,
> their login details are not updated?  In either case it sounds like a
> bug.
>
> Cheers,
> Andrew.
>
>>
>> Thanks and cheers,
>> Gunnar
>>
>> -- LDAP groupfilter --
>> *snip*
>>
>> 'baseDNGroups' => 'ou=group,o=ldap,o=root',
>> 'filterGroups' => "(cn=testgroup)",
>> 'group_mapping_field' => array("username" => "cn",
>>                              "updated" => "modifyTimestamp",
>>                              "fullname" => "gecos" ,
>>                              "members" => "memberUid"
>>                         ),
>>
>> 'default_value' => array("date_format_type" => "E"),
>> 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=>
>> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
>> 'startTLS' => 'yes',  // Require that TLS is used for LDAP?
>>
>> *snip*
>>
>

--
Gunnar Gorges
Central IT Services - ZMAW
Mail: [hidden email]
Tel.: +49 (0)40 41173 287
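
The drift described in this message (a user removed from the LDAP group keeps the DAViCal membership until the sync script runs) can be measured between sync runs. The following is an added example, not part of the thread or of DAViCal's code: it compares memberUid values from a constructed LDIF with a constructed snapshot of application-side membership; the snapshot format and the function names are assumptions.

```python
import re

# Constructed LDIF, shaped like a search result for the thread's group base DN.
SAMPLE_LDIF = """\
dn: cn=testgroup,ou=group,o=ldap,o=root
cn: testgroup
memberUid: alice
memberUid: bob
modifyTimestamp: 20120718090700Z

dn: cn=staff,ou=group,o=ldap,o=root
cn: staff
memberUid: carol
"""

# Constructed snapshot of the application's group table (hypothetical export).
SAMPLE_APP_GROUPS = {"testgroup": {"alice", "dave"}, "staff": {"carol"}}


def parse_ldif_groups(ldif, name_attr="cn", member_attr="memberUid"):
    """Return {group name: set of member uids} from plain (non-base64) LDIF."""
    ldif = re.sub(r"\n ", "", ldif)  # unfold continuation lines (RFC 2849)
    groups = {}
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in entry.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        for name in attrs.get(name_attr.lower(), []):
            groups[name] = set(attrs.get(member_attr.lower(), []))
    return groups


def membership_drift(ldap_groups, app_groups):
    """Per group: members the app still grants but LDAP dropped, and the reverse."""
    drift = {}
    for name in sorted(set(ldap_groups) | set(app_groups)):
        in_ldap = ldap_groups.get(name, set())
        in_app = app_groups.get(name, set())
        stale, missing = sorted(in_app - in_ldap), sorted(in_ldap - in_app)
        if stale or missing:
            drift[name] = {"stale": stale, "missing": missing}
    return drift


if __name__ == "__main__":
    print(membership_drift(parse_ldif_groups(SAMPLE_LDIF), SAMPLE_APP_GROUPS))
```

The "stale" entries are the ones that matter for access control: accounts that still hold group membership in the application after the directory has revoked it.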




