Active Directory Security Groups

Matthew Pulsipher 7 year бұрын updated by Eugene Pankov (Project coordinator) 7 year бұрын 4
I've been having some issues with enabling AD authentication in Ajenti without giving Ajenti access to my whole Directory. Is there a known way to enable Ajenti access for a given security group? I tried limiting users to a particular OU, which works, but isn't practical as a user cannot be part of more than one OU.


Under review
I didn't try that before, but does specifying your group DN as base DN work?
Yeah, I looked through the ldap structure using ldp in Windows and set the base DN to a Security group's CN, for example, if a security group's CN is AjentiAccess, the base DN string would look like: CN=AjentiAccess,OU=Ajenti,OU=Groups,OU=IT,DC=domain,DC=com

When I do that, the sync returns no errors, but it isn't able to find any children. However, if I start the base DN with an OU, it does seem to find all of the users in the OU, excluding the security group or its members.
This would be a nice feature to add as well, another idea is to take all forms of local auth. Currently I am using sssd for ad integration which works on the system ubuntu 14.04 and id returns the groups though ajenti does not see this.