
List:       opennms-discuss
Subject:    Re: [opennms-discuss] Please Help with LDAP activeDirectory.xml
From:       "Keaney, Will" <will.keaney () kroger ! com>
Date:       2016-04-28 13:50:06
Message-ID: 1827CED85F57CD43BDC3A58A6DD4EFE53D734E08 () N060XBOXP32 ! kroger ! com

Hi Danny,

Maybe compare the results of an LDAP query for both your admin and your regular users
and groups, and see if the memberOf attribute is where you expect it to be for both?
That the admin users are able to log in, but regular users can't, says there's a
disconnect between the configuration in spring-security, and your AD configuration
for those users.

--Will

Will Keaney
PGP Key Fingerprint: C33E 7D8A 0AF7 D7A8 E34B  A7C1 038E 86CC B770 A75A

From: Gibson, Daniel P [mailto:dg0123@u.washington.edu]
Sent: Wednesday, April 27, 2016 15:38
To: General OpenNMS Discussion
Subject: [opennms-discuss] Please Help with LDAP activeDirectory.xml

G'day OpenNMS Gurus,

I am still struggling with my LDAP authentication.  I know the login authentication
is working and my Admins are gaining full access...but my standard users are getting
logged in but I get the "Permission Denied" page as it seems the USER_ROLE mapping
isn't being recognized.

Can someone who understands the XML file see if anything looks abnormal or may be
missing...this is a major roadblock in getting this tool implemented here at my
company.  Items in Red are my definitions, but changed for security reasons...just
cannot get standard users to work...

Please, any and all help greatly appreciated,
Danny


<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <beans:bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <beans:constructor-arg ref="contextSource"/>
    <beans:property name="ignorePartialResultException" value="true"/>
  </beans:bean>
  <beans:bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <beans:property name="urls">
      <beans:list>
        <!-- List one or more of your Active Directory domain controllers here -->
        <beans:value>ldap://abc.mycompany.org:389/</beans:value>
      </beans:list>
    </beans:property>
    <!-- An optional base DN. Every user and group below is relative to this. -->
    <beans:property name="base" value="dc=abc,dc=mycompany,dc=org" />
    <beans:property name="authenticationSource" ref="authenticationSource" />
  </beans:bean>
  <beans:bean id="authenticationSource" class="org.springframework.ldap.authentication.DefaultValuesAuthenticationSourceDecorator">
    <beans:property name="target" ref="springSecurityAuthenticationSource"/>
    <!-- Identify an unprivileged user for initial binding to the directory -->
    <!-- In some cases, expressing the user as an LDAP DN is the right way -->
    <!-- In other cases, it's necessary to express it in user@domain format -->
    <!-- <beans:property name="defaultUser" value="opennms_bind@example.org"/> -->
    <!-- Specify the unprivileged bind user's password here -->
    <beans:property name="defaultUser" value="myuser@myCompany.org"/>
    <beans:property name="defaultPassword" value="catfur4U"/>
  </beans:bean>

  <beans:bean id="springSecurityAuthenticationSource" class="org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource">
  </beans:bean>

  <beans:bean id="externalAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg ref="ldapAuthenticator"/>
    <beans:constructor-arg ref="userGroupLdapAuthoritiesPopulator"/>
  </beans:bean>

  <beans:bean id="ldapAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <beans:constructor-arg ref="contextSource"/>
    <beans:property name="userSearch" ref="userSearch"></beans:property>
  </beans:bean>
  <!-- userSearch (alt.: userDnPatterns) -->

  <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="ou=UserAccounts" />
    <!-- More complex filters are possible depending on the layout of your directory -->
    <beans:constructor-arg index="1" value="(sAMAccountName={0})" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <beans:property name="searchSubtree" value="true" />
  </beans:bean>

  <beans:bean id="userGroupLdapAuthoritiesPopulator" class="org.opennms.web.springframework.security.UserGroupLdapAuthoritiesPopulator">
    <beans:constructor-arg ref="contextSource"/>
    <!-- Common LDAP container for the user and admin groups listed below -->
    <beans:constructor-arg value="ou=UserGroups,ou=UserAccounts" />
    <!-- <beans:constructor-arg value="ou=UserGroups,ou=UserAccounts" /> -->
    <beans:property name="searchSubtree" value="true" />
    <beans:property name="convertToUpperCase" value="true" />
    <beans:property name="groupRoleAttribute" value="cn" />
    <!-- <beans:property name="groupSearchFilter" value="member={0}" /> -->
    <!-- If using nested AD groups, try the following groupSearchFilter instead  -->
    <!-- <beans:property name="groupSearchFilter" value="member:1.2.840.113556.1.4.1941:={0}" /> -->
    <beans:property name="groupSearchFilter" value="member={0}" />
    <beans:property name="groupToRoleMap">
      <beans:map>
        <beans:entry>
          <!-- Name of the AD group for OpenNMS administrators -->
          <beans:key><beans:value>My_Admins</beans:value></beans:key>
          <beans:list>
            <beans:value>ROLE_USER</beans:value>
            <beans:value>ROLE_ADMIN</beans:value>
          </beans:list>
        </beans:entry>
        <beans:entry>
          <!-- Name of the AD group for normal (non-admin) OpenNMS users -->
          <!-- <beans:key><beans:value>Domain Users All_ITS_Staff</beans:value></beans:key> -->
          <beans:key><beans:value>My_Staff</beans:value></beans:key>
          <beans:list>
            <beans:value>ROLE_USER</beans:value>
            <!-- <beans:value>ROLE_DASHBOARD</beans:value> -->
          </beans:list>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
</beans:beans>
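
Added example, not part of either message and not OpenNMS code: a simplified Python model of the group lookup this configuration asks for (group search base, `member={0}` versus the nested-group filter in the commented line, then `groupToRoleMap`), run against a constructed directory to show what the admin-versus-regular-user comparison can reveal. All user DNs, the `Helpdesk` group and the `ou=Legacy` container are assumptions made up for illustration.

```python
# Simplified model of: search groups under the group base with a member filter,
# read each group's cn, and translate it through groupToRoleMap.
# It is NOT the OpenNMS implementation; directory contents are constructed.

BASE = "dc=abc,dc=mycompany,dc=org"
GROUP_BASE = "ou=UserGroups,ou=UserAccounts," + BASE

# groupToRoleMap from the posted activeDirectory.xml
GROUP_TO_ROLES = {
    "My_Admins": ["ROLE_USER", "ROLE_ADMIN"],
    "My_Staff": ["ROLE_USER"],
}


def user(name):
    """Hypothetical user DN under ou=UserAccounts."""
    return "cn=%s,ou=UserAccounts,%s" % (name, BASE)


ALICE, BOB, CAROL, DAVE, EVE = (user(n) for n in ("alice", "bob", "carol", "dave", "eve"))
HELPDESK = "cn=Helpdesk," + GROUP_BASE

# Constructed directory: group DN -> attributes
DIRECTORY = {
    "cn=My_Admins," + GROUP_BASE: {"cn": "My_Admins", "member": [ALICE]},
    # My_Staff holds carol directly and the Helpdesk group (nesting)
    "cn=My_Staff," + GROUP_BASE: {"cn": "My_Staff", "member": [CAROL, HELPDESK]},
    HELPDESK: {"cn": "Helpdesk", "member": [BOB]},
    # A mapped group name that lives outside the configured group container
    "cn=My_Staff,ou=Legacy," + BASE: {"cn": "My_Staff", "member": [DAVE]},
}


def norm(dn):
    """Case- and whitespace-insensitive DN form (enough for this sample data)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_group_base(dn):
    """searchSubtree=true: any entry below the group search base qualifies."""
    return norm(dn).endswith("," + norm(GROUP_BASE))


def groups_containing(dn):
    """Groups anywhere in the directory whose member attribute lists dn."""
    wanted = norm(dn)
    return {g for g, attrs in DIRECTORY.items()
            if wanted in (norm(m) for m in attrs["member"])}


def chained_groups(dn):
    """Transitive membership, as member:1.2.840.113556.1.4.1941:={0} resolves it."""
    seen, frontier = set(), {dn}
    while frontier:
        found = set()
        for entry in frontier:
            found |= groups_containing(entry)
        frontier = found - seen
        seen |= found
    return seen


def roles_for(user_dn, nested=False):
    """Roles granted by the group search; nested=True models the chain filter."""
    candidates = chained_groups(user_dn) if nested else groups_containing(user_dn)
    roles = set()
    for group_dn in candidates:
        if in_group_base(group_dn):
            roles.update(GROUP_TO_ROLES.get(DIRECTORY[group_dn]["cn"], []))
    return sorted(roles)


def diagnose(user_dn):
    """Why does member={0} yield no role for this user?"""
    if roles_for(user_dn):
        return "ok"
    mapped = {g for g in chained_groups(user_dn)
              if DIRECTORY[g]["cn"] in GROUP_TO_ROLES}
    if not mapped:
        return "not a member of any mapped group"
    if any(in_group_base(g) for g in mapped):
        return "nested membership only"
    return "mapped group outside group search base"


if __name__ == "__main__":
    for dn in (ALICE, BOB, CAROL, DAVE, EVE):
        print(dn.split(",")[0], roles_for(dn), roles_for(dn, nested=True), diagnose(dn))
```

Against a real directory, the same comparison is made by reading the `member` values of the mapped groups and the `memberOf` values of one admin and one regular account, then checking each group DN against the configured group container.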
