How to provide access privileges to LDAP users

grafanakedar · August 20, 2017, 8:50am

I have 2 users (sssd_pb and sssd_qns) in LDAP as below

LDAP URL : ldaps://ldap_l.cisco.com:10648/uid=sssd_pb,ou=users,dc=sprint,dc=com?hasSubordinates,objectClass?one?(objectClass=*)

command line : ldapsearch -H ldaps://ldap_l.cisco.com:10648 -x -D “uid=admin,ou=system” -W -b “uid=sssd_pb,ou=users,dc=sprint,dc=com” -s one -a always -z 1000 “(objectClass=*)” “hasSubordinates” “objectClass”

baseObject : uid=sssd_pb,ou=users,dc=sprint,dc=com

filter : (objectClass=*)

attributes : hasSubordinates objectClass

LDAP URL : ldaps://ldap_l.cisco.com:10648/uid=sssd_qns,ou=users,dc=sprint,dc=com?hasSubordinates,objectClass?one?(objectClass=*)

command line : ldapsearch -H ldaps://ldap_l.cisco.com:10648 -x -D “uid=admin,ou=system” -W -b “uid=sssd_qns,ou=users,dc=sprint,dc=com” -s one -a always -z 1000 “(objectClass=*)” “hasSubordinates” “objectClass”

baseObject : uid=sssd_qns,ou=users,dc=sprint,dc=com

filter : (objectClass=*)

attributes : hasSubordinates objectClass

I want to grant Admin access to sssd_pb and Viewer access to sssd_qns.
May I know what should be values for ‘group_search_filter’, ‘group_search_base_dns’ and ‘[[servers.group_mappings]]’ in ldap.toml ?

I do not have ‘ou=groups’ in LDAP. Is it mandatory for my requirement?

grafanakedar · August 24, 2017, 7:13pm

I have fixed this. There was a problem in my LDAP entries.
After assigning groups correctly to users, it started working fine.

Topic		Replies	Views
How to set up LDAP Group Roles Configuration	1	5222	February 22, 2021
Ldap Auth: user does not belong in any of the specified ldap groups Authentication	3	4466	September 6, 2024
Strange behaviour for ldap group mapping Configuration	0	550	January 8, 2019
Ldap user did not obtain expected administrative privileges Authentication ldap	0	138	January 29, 2024
Grafana, LDAP error Authentication ldap , configuration	1	1894	May 31, 2022

How to provide access privileges to LDAP users

LDAP URL : ldaps://ldap_l.cisco.com:10648/uid=sssd_pb,ou=users,dc=sprint,dc=com?hasSubordinates,objectClass?one?(objectClass=*)

command line : ldapsearch -H ldaps://ldap_l.cisco.com:10648 -x -D “uid=admin,ou=system” -W -b “uid=sssd_pb,ou=users,dc=sprint,dc=com” -s one -a always -z 1000 “(objectClass=*)” “hasSubordinates” “objectClass”

baseObject : uid=sssd_pb,ou=users,dc=sprint,dc=com

filter : (objectClass=*)

attributes : hasSubordinates objectClass

LDAP URL : ldaps://ldap_l.cisco.com:10648/uid=sssd_qns,ou=users,dc=sprint,dc=com?hasSubordinates,objectClass?one?(objectClass=*)

command line : ldapsearch -H ldaps://ldap_l.cisco.com:10648 -x -D “uid=admin,ou=system” -W -b “uid=sssd_qns,ou=users,dc=sprint,dc=com” -s one -a always -z 1000 “(objectClass=*)” “hasSubordinates” “objectClass”

baseObject : uid=sssd_qns,ou=users,dc=sprint,dc=com

filter : (objectClass=*)

attributes : hasSubordinates objectClass

Related topics