[omd-devel] Matching group membership in LDAP for "posixGroup"

Lars Michelsen lm at mathias-kettner.de
Mon Jul 22 09:21:51 CEST 2013


Hello Steven,

thanks for the information and the patch. I just pushed this change to 
the git master.

Please use Check_MK dedicated lists 
(http://mathias-kettner.de/check_mk_lists.html) for future Check_MK 
related mails.

Kind regards
Lars

On 07/18/2013 10:31 AM, Steven Bakker wrote:
> Hi,
>
> I noticed that the LDAP authentication module for check_mk supports
> mapping groups from LDAP to privilege levels in check_mk. However, the
> code assumes that group membership is implemented as a "groupOfNames" or
> "groupOfUniqueNames" using attributes "member" or "uniqueMember", resp.
> That attribute is supposed to hold a member's "dn":
>
>    dn: cn=daltons,ou=groups,dc=example,dc=com
>    objectClass: groupOfNames
>    cn: daltons
>    member: uid=joe,ou=people,dc=example,dc=com
>    member: uid=jack,ou=people,dc=example,dc=com
>    member: uid=william,ou=people,dc=example,dc=com
>    member: uid=averell,ou=people,dc=example,dc=com
>    ...
>
> This does not integrate well with those of us who use "posixGroup"
> objects, which use the "memberUid" attribute to specify group
> membership:
>
>    dn: cn=daltons,ou=groups,dc=example,dc=com
>    objectClass: posixGroup
>    cn: daltons
>    memberUid: joe
>    memberUid: jack
>    memberUid: william
>    memberUid: averell
>    ...
>
> It turns out that the patch to support the latter is almost trivial, see
> attached. I'd appreciate it if this could be considered for inclusion in
> a future release.
>
> Best regards,
>
> Steven Bakker
>
> PS: OMD/check_mk rocks!
>
>
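
The two membership encodings contrasted in this thread, as an added example (not the attached patch and not Check_MK's own code): it builds one search filter covering `member`, `uniqueMember` and `memberUid`, escapes the user-supplied value per RFC 4515 so a crafted login name cannot change which groups (and therefore which privilege level) match, and checks membership offline against entries constructed from the LDIF samples above. All function names are hypothetical.

```python
# Added illustration, not Check_MK code; all function names are hypothetical.
# (objectClass, membership attribute, what the attribute stores)
SCHEMAS = [
    ("groupOfNames", "member", "dn"),
    ("groupOfUniqueNames", "uniqueMember", "dn"),
    ("posixGroup", "memberUid", "uid"),
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def membership_filter(user_dn, user_uid):
    """Build one search filter that finds the user's groups in all three schemas."""
    clauses = []
    for object_class, attr, kind in SCHEMAS:
        value = escape_filter_value(user_dn if kind == "dn" else user_uid)
        clauses.append("(&(objectClass=%s)(%s=%s))" % (object_class, attr, value))
    return "(|%s)" % "".join(clauses)

def is_member(group, user_dn, user_uid):
    """Offline membership test on one entry (dict: attribute -> list of values)."""
    classes = [c.lower() for c in group.get("objectClass", [])]
    for object_class, attr, kind in SCHEMAS:
        if object_class.lower() not in classes:
            continue
        values = group.get(attr, [])
        if kind == "dn":
            # Simplification: case-insensitive string compare, no full DN normalisation.
            if user_dn.lower() in [v.lower() for v in values]:
                return True
        elif user_uid in values:  # bare login name, compared exactly
            return True
    return False

# Constructed entries mirroring the two LDIF samples in the thread.
PEOPLE = "ou=people,dc=example,dc=com"
GROUP_OF_NAMES = {
    "objectClass": ["groupOfNames"],
    "cn": ["daltons"],
    "member": ["uid=%s,%s" % (u, PEOPLE) for u in ("joe", "jack", "william", "averell")],
}
POSIX_GROUP = {
    "objectClass": ["posixGroup"],
    "cn": ["daltons"],
    "memberUid": ["joe", "jack", "william", "averell"],
}

if __name__ == "__main__":
    print(membership_filter("uid=joe," + PEOPLE, "joe"))
```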
