4 Replies Latest reply on Aug 13, 2014 3:57 PM by user_feo

    Use AD Group for authentication

    jbrytowski

      I am trying to use an AD group as the authentication method for Virtualization Manager, I can get the AD portion working without much issue but it looks like I will have to use an LDAP query in-order to pull specific groups from AD.

       

      I have tried multiple different search strings and have not been able to get it to work, for instance:

      Search Filter - (&(objectCategory=user)(memberOf=CN=SECURITY GROUP,OU=1st Folder,OU=2nd Folder))

      Search Base - dc=domain, dc=com

       

      I have a bind user/PW and server that we use for other LDAP queries with success, any help would be great!

       

      Thanks,

       

      Jesse

        • Re: Use AD Group for authentication
          Jan Martinak

          Hi jbrytowski,

           

          could you please try to put only the group value in the Search Filter field?

           

          CN=SECURITY GROUP,OU=1st Folder,OU=2nd Folder

           

          Thanks

          • Re: Use AD Group for authentication
            user_feo

            Long shot ... But did you ever get this working.  I tried many combinations but nothing.  The AD authentication works just fine, but not so for LDAP.

              • Re: Use AD Group for authentication
                Tomas.Saghy

                The "search filter" value in the Add/Edit authentication server dialog specifies the property name which is used to find the user name. The text entered to this field is used to generate the search filter: '=' and the user name is appended (in form of searchFilter=userName).

                 

                For example:

                When you specify "cn" as search filter and try to login in as "domain/John", the search filter sent to LDAP server is: "cn=John".

                 

                This means that you can't specify complex search filters with current version of VMAN (6.1.1). We have created a feature request to support complex search filters.

                  • Re: Use AD Group for authentication
                    user_feo

                    Thanks  ... It is kind of odd for this to work in this manner. Yes I have contacted support.  They expressed the same response and suggested AD authentication, which works BUT is not all practical.  I guess we will have to way for the next release, and hopefully they will fix this bug

                     

                    Thanks for your reply!

                     

                    User_Feo