0
Answered

Active Directory Security Groups

Matthew Pulsipher 6 years ago updated by Eugene Pankov (Project coordinator) 6 years ago 4
I've been having some issues with enabling AD authentication in Ajenti without giving Ajenti access to my whole Directory. Is there a known way to enable Ajenti access for a given security group? I tried limiting users to a particular OU, which works, but isn't practical as a user cannot be part of more than one OU.

Answer

Answer
Answered
Done in df15207 (will be 1.2.22.1)
Under review
I didn't try that before, but does specifying your group DN as base DN work?
Yeah, I looked through the ldap structure using ldp in Windows and set the base DN to a Security group's CN, for example, if a security group's CN is AjentiAccess, the base DN string would look like: CN=AjentiAccess,OU=Ajenti,OU=Groups,OU=IT,DC=domain,DC=com

When I do that, the sync returns no errors, but it isn't able to find any children. However, if I start the base DN with an OU, it does seem to find all of the users in the OU, excluding the security group or its members.
This would be a nice feature to add as well, another idea is to take all forms of local auth. Currently I am using sssd for ad integration which works on the system ubuntu 14.04 and id returns the groups though ajenti does not see this.
Answer
Answered
Done in df15207 (will be 1.2.22.1)