v2 testing with ldap - default peers #213
Comments
Update: when I set up the peer defaults on the interface before the ldap sync starts, I got this:
So in this case the new user is admin, but it ends on the same permission problem.

@pasztorl please give your working config.yaml (without creds of course) as an example. I can't configure it on V2 alpha testing. I get an error:

This issue cannot be reproduced - default peers are created for admin and non-admin users.

@Sarevok933219 a sample config could look like this:

```yaml
core:
  admin_user: admin@wgportal.local
  admin_password: secret
  create_default_peer: true

advanced:
  log_level: debug
  log_pretty: true
  log_json: false
  config_storage_path: /etc/wireguard
  expiry_check_interval: 15m

statistics:
  collect_peer_data: false
  collect_audit_data: false
  collect_interface_data: false

database:
  debug: true
  type: sqlite
  dsn: data/sqlite.db

auth:
  callback_url_prefix: https://vpn.yourcompany.com/api/v0
  ldap:
    - id: ldap
      provider_name: Active Directory
      display_name: Login with</br>AD
      url: ldap://ad01.your-company.local:389
      bind_user: ldap_wireguard@your-company.local
      bind_pass: a-super-S3CRET-password
      base_dn: DC=YOURCOMPANY,DC=LOCAL
      login_filter: (&(objectClass=organizationalPerson)(mail={{login_identifier}})(!userAccountControl:1.2.840.113556.1.4.803:=2))
      admin_group: CN=WireGuardAdmins,OU=_O_ASampleGroup,DC=YOURCOMPANY,DC=LOCAL
      synchronize: true
      sync_filter: (&(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803:=2)(mail=*))
      registration_enabled: true
```

Hi,

I continued testing the v2 version and I configured ldap user sync.
I also configured it to create a default peer for the new users.

I found out that if the user is not in the admin group, wg-portal can't create the default peer because of a permission problem.
Is this the expected operation? I hope not, because it would be great if I could sync new users from ldap (without admin rights) and they could log in and download the precreated client configuration.

In the second try I started to sync users from ldap with the admin group. In this case I didn't get a permission problem, but the default peer config was not created.
Here is the log:
Unfortunately there is no info about the error.