[dev.icinga.com #10659] LDAP group members are shown with their DN and membership registration does not work #2146
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10659
Created by greatexpectations on 2015-11-17 10:42:06 +00:00
I have upgraded to Icingaweb2 2.1.0 on CentOS 7 using the Icinga Yum repository. Now we find that our ActiveDirectory authorization scheme which is based on group membership no longer works.
That is, users can still log in using their AD login and password (so user-based authentication works), but all they get is an empty dashboard with no options at all. We have defined roles based on AD group membership, and it seems that the association between users and groups can no longer be established with the last update.
AD groups are still listed in the UI (Configuration -> Authorization -> User Groups), but members are shown using their distinguished name (e.g. "CN=Full Name,OU=Users,DC=foo,DC=bar" instead of just "fname"). When inspecting AD users, no group memberships are shown.
2015-11-24 08:45:49 +00:00 by jmeyer 916c417
Updated by greatexpectations on 2015-11-17 11:56:48 +00:00
sure, however we were just using the default settings.
Excerpt from /etc/icingaweb2/resources.ini:
Updated by Foxeronie on 2015-11-17 19:51:07 +00:00
I have the same problem. It worked until this commit
Also my settings:
Updated by jmeyer on 2015-11-23 12:18:51 +00:00
we need more details about your environment to solve this appropriately, as it's working in our testing environment with ActiveDirectory and OpenLDAP.
Updated by jmeyer on 2015-11-24 08:43:41 +00:00
Updated by jorfermo on 2015-12-09 09:33:06 +00:00
I'm having the same problem even after applying the patch.
AD users log in succesfully but the dashboard page shows: "Currently there is no dashlet available. Please contact the administrator."
EDIT: It was a problem on my config. All's fine now.
Updated by plarivee on 2016-06-16 13:19:06 +00:00
Can you elaborate on what was the problem in your config ?