Joe Lemaire
2011-11-09 20:50:41 UTC
Joe Lemaire [http://community.zenoss.org/people/JoeLemaire] created the discussion
"ActiveDirectory with Groups - All or nothing"
To view the discussion, visit: http://community.zenoss.org/message/62541#62541
--------------------------------------------------------------
All,
I am running Zenoss 3.2.1 on Centos 5.7 (i386), and am having an issue with my AD Integration. I've installed the ActiveDirectory and LDAP multi-plugins, and configured them according to this guide: http://community.zenoss.org/docs/DOC-2510 http://community.zenoss.org/docs/DOC-2510. I've got the binding to work with the 'Default User Role' being Anonymous (see attached pic1.png), and have setup my AD Group to map to the Zope Groups (see attached pic2.png). This then lets my Domain Admins into Zenoss with the correct privilege. However, adding in the AD group seems to also give all AD users, regardless of their membership to the specified AD group, the access specified. So, per pic2.png, adding in the Domain Admins group as ZopeManagers, gives all users that privilege, not just Domain Admins. If I remove the group, everyone has anonymous access, as expected.
Any thougths? Thanks in advance!
~Joe
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/62541#62541]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
"ActiveDirectory with Groups - All or nothing"
To view the discussion, visit: http://community.zenoss.org/message/62541#62541
--------------------------------------------------------------
All,
I am running Zenoss 3.2.1 on Centos 5.7 (i386), and am having an issue with my AD Integration. I've installed the ActiveDirectory and LDAP multi-plugins, and configured them according to this guide: http://community.zenoss.org/docs/DOC-2510 http://community.zenoss.org/docs/DOC-2510. I've got the binding to work with the 'Default User Role' being Anonymous (see attached pic1.png), and have setup my AD Group to map to the Zope Groups (see attached pic2.png). This then lets my Domain Admins into Zenoss with the correct privilege. However, adding in the AD group seems to also give all AD users, regardless of their membership to the specified AD group, the access specified. So, per pic2.png, adding in the Domain Admins group as ZopeManagers, gives all users that privilege, not just Domain Admins. If I remove the group, everyone has anonymous access, as expected.
Any thougths? Thanks in advance!
~Joe
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/62541#62541]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]