[Stork-dev] Stork and LDAP Auth
Brendan Kearney
bpk678 at gmail.com
Sun Oct 15 02:48:03 UTC 2023
List members,
I am a new Kea and Stork user, but have been using dhcpd for quite some
time. I am setting up Stork, and want to point at LDAP for auth. I set
things up, but have run into an issue.
I have set:
STORK_SERVER_HOOK_LDAP_GROUP_ADMIN="cn=dhcpAdmins,ou=domainGroups,ou=Groups,dc=bpk2,dc=com"
STORK_SERVER_HOOK_LDAP_GROUP_SUPER_ADMIN="cn=dhcpEngineers,ou=domainGroups,ou=Groups,dc=bpk2,dc=com"
and no user in those groups winds up getting access. All users get an
access error:
HTTP Error 403 Forbidden. Access to this page is forbidden for the
currently logged in user. If you think you should have access to this
page please contact your system administrator to verify your permissions.
The users are in the groups, and authentication works, it seems, because
the login happens, but authorization is not working. Even when I set
the group manually for the users, those settings do not persist in
PostgreSQL. I watched the number of rows in system_user_to_group shrink
from 3 to 2 to 1 during iterative logins, where the mappings were being
deleted from the table.
Are there tips and tricks to get LDAP auth working? Any insights would
be appreciated.
Thank you,
brendan kearney