I managed to set up the LDAP authentication using IPA yesterday and I am able to log in with the LDAP users.
However, I am not able to make the role synchronization do what it should…
I have one group of LDAP users that I want to give access to checkmk and also make them admins.
So I have Group base DN and Roles -> Administrator -> Group DN set to exactly the same value.
Upon save and test it also reports Sync-Plugin: Roles Success Found all 1 groups.
Still, all synchronized users end up as “Normal monitoring user”…
Any idea on how to debug this?
Things I tried:
set group base DN to the level above the group and change to “check groups one level below”, the user filter is set to (&(objectclass=posixAccount)(memberOf=<The Admin DN>))
define member attribute
define group search filter
another group that the tested user is in (in the one level below case, it was also found)
CMK version: Checkmk Raw Edition 2.2.0p21 Docker
OS version: Ubuntu 22.04
Yeah, that’s what I did initially (also see things I tried).
The result then is:
Connection Success Connection established. The connection settings seem to be ok.
User Base-DN Success The User Base DN could be found.
Count Users Success Found 4 users for synchronization.
Group Base-DN Success The Group Base DN could be found.
Count Groups Success Found 250 groups for synchronization.
Sync-Plugin: Roles Success Found all 1 groups.
However, it does not lead to the user being seen as Administrator.
Thanks, so this tells me that upon synchronization it searches the following: LDAP_SEARCH "cn=<Admin group>,<group_base_dn>" "base" "(objectclass=posixgroup)" "['cn', 'memberof']"
I had this mixed up, it should not look for memberof but instead it obviously should look for the members → the member attribute.
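
The failure mode worked out in the last post, as an added example that is not part of the thread and not Checkmk's code: a simplified Python model of a group-to-role sync in which the group entry is found either way, but the user only gets the role when the configured member attribute is the one that lists the group's users. The DNs, the group entry, the function names and the role ids admin and user are assumptions made for the illustration.

```python
# Simplified model of a group-to-role sync; not Checkmk's implementation.
# All DNs and entries are constructed sample data.

def norm_dn(dn):
    # Naive DN normalization: lower-case, trim spaces around each RDN.
    # (Does not handle escaped commas; enough for this sample.)
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_members(entry, member_attr):
    # LDAP attribute names are case-insensitive, so match them that way.
    for name, values in entry.items():
        if name.lower() == member_attr.lower():
            return {norm_dn(v) for v in values}
    return set()  # attribute absent on the group entry

def roles_for_user(user_dn, role_groups, directory, member_attr,
                   default_role="user"):
    # role_groups: role id -> group DN; directory: normalized DN -> entry.
    roles = []
    for role, group_dn in role_groups.items():
        entry = directory.get(norm_dn(group_dn))
        if entry is None:
            continue  # group DN not found at all
        if norm_dn(user_dn) in group_members(entry, member_attr):
            roles.append(role)
    return roles or [default_role]

ALICE = "uid=alice,cn=users,cn=accounts,dc=example,dc=test"
ADMIN_GROUP = "cn=cmk-admins,cn=groups,cn=accounts,dc=example,dc=test"
DIRECTORY = {
    norm_dn(ADMIN_GROUP): {
        "cn": ["cmk-admins"],
        "objectClass": ["posixgroup"],
        # Users of the group are listed here ...
        "member": [ALICE],
        # ... while memberOf lists groups this group itself belongs to.
        "memberOf": ["cn=all-staff,cn=groups,cn=accounts,dc=example,dc=test"],
    }
}
ROLE_GROUPS = {"admin": ADMIN_GROUP}

if __name__ == "__main__":
    for attr in ("memberof", "member"):
        print(attr, "->", roles_for_user(ALICE, ROLE_GROUPS, DIRECTORY, attr))
```

In both runs the group lookup itself succeeds, which matches a test result of "Found all 1 groups" while the user still falls back to the default role.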