
How to add all Users of LDAP Group to Gateway Roles?

Question asked by RaoulAlexie82443151 on Mar 8, 2019
Latest reply on Mar 11, 2019 by RaoulAlexie82443151

The Question:

I am trying to add LDAP User Groups to specific Gateway Roles, for instance the LDAP Group "CA_ADMIN" to the Gateway Role "Administrator", to be able to log in with all the LDAP users which are members of the "CA_ADMIN" LDAP Group.

How can I achieve this?

 

The Problem:

When I try to log in with a user which is a member of the "CA_ADMIN" Group, I get the error "Invalid Username/Password".

 

What is already configured/tried:

Two Identity Providers, one with an LDAP search base for the LDAP groups and one with a search base to get users.

The providers are mapping all the attributes except the certificate from the LDAP users (I removed the mapping of the certificate, else a login without a client certificate was not possible anymore).

 

Searching both providers works and the users contain the data mapped correctly and the groups contain the specific users and also the data mapped correctly.

 

I add the LDAP Role "CA_ADMIN" to the CA Administrator Role through the menu:

       Task -> Users and Authentication -> Manage Roles

selecting Administrator and Adding the LDAP Group (CA_ADMIN) to the Assignments.

 

What worked:

If I add the specific LDAP Users to the CA Administrator Role, then I can log in to the Gateway with the LDAP Users.
