0
Answered
Active Directory Security Groups
I've been having some issues with enabling AD authentication in Ajenti without giving Ajenti access to my whole Directory. Is there a known way to enable Ajenti access for a given security group? I tried limiting users to a particular OU, which works, but isn't practical as a user cannot be part of more than one OU.
Answer
0
Answer
Answered
Eugene Pankov (Project coordinator) 10 years ago
Done in df15207 (will be 1.2.22.1)
Under review
I didn't try that before, but does specifying your group DN as base DN work?
Yeah, I looked through the ldap structure using ldp in Windows and set the base DN to a Security group's CN, for example, if a security group's CN is AjentiAccess, the base DN string would look like: CN=AjentiAccess,OU=Ajenti,OU=Groups,OU=IT,DC=domain,DC=com
When I do that, the sync returns no errors, but it isn't able to find any children. However, if I start the base DN with an OU, it does seem to find all of the users in the OU, excluding the security group or its members.
When I do that, the sync returns no errors, but it isn't able to find any children. However, if I start the base DN with an OU, it does seem to find all of the users in the OU, excluding the security group or its members.
This would be a nice feature to add as well, another idea is to take all forms of local auth. Currently I am using sssd for ad integration which works on the system ubuntu 14.04 and id returns the groups though ajenti does not see this.
Customer support service by UserEcho