Re: Fortress and Active Directory

by Blair McKenzie-2 :: Rate this Message:

I half suspect the plugin needs to be updated to work with Active Directory. Unfortunately I don't have a setup so I can't test it properly.

The arguments struct is how errors are displayed now. If you could expand it and send me the details I'd appreciate it.

The "start" configs specify the DN (Distinguished Name) of the node which contains all users or all groups. In most LDAP directories you could just use the root DN. If you need to restrict the number of groups/users (e.g. because the directory is too large otherwise) you can use the start DNs to restrict the search.

The user dn is used to retrieve a user by their ID. The authentication process uses a DN containing {userid} to attempt to match a username entered by a website user against the directory.

The group filter is used to find groups that a user is a member of. Include {userid} in the LDAP filter as needed for the query. The All Group Filter should return all the groups that FarCry needs to support.

Blair

On Tue, Apr 15, 2008 at 4:45 AM, Chris Roth <chris.roth@...> wrote:

hmm. when I "view" a role an exception is thrown:

11:24:49.049 - Application Exception - in E:\InetPub\farcry\core\tags
\navajo\display.cfm : line 198
For the default view of an object, create a displayPageStandard
webskin.

My connection to AD seems to be ok. based on the settings below, I can
"login" to farcry but I get the arguments - struct output with
nothing else (this makes sens since my group/role can not be
determined.

Here's what I have (slightly modified since I am posintg this
publically)

LDAP Configuration

Server Host : myadcontroller.mydomain.com

Username :
Password :

Users
User start DN : dc=mydomain,dc=com

User DN : {userid%7D@...

profileProp=LDAPattr list : firstName=givenName,lastName=sn

Override profile values : yes

Groups
Group start : dc=mydomain,dc=com,o=ADFolder4Site,o=ADFolder4
SecurityGroups,o=ADFolder4 SecurityGroups4Web

Group filter : **** Not sure what to put here... inside ADFolder4
SecurityGroups4Web folder I have

website1Users,website1Contributors,website1Publishers,website1Admins
website2Users,website2Contributors,website2Publishers,website2Admins

with the appropriate "active directory" users assigned.

All groups filter : objectClass=groupOfNames

Group ID attribute : cn

Any help appreciated.

On Apr 13, 5:49 pm, "Blair McKenzie" <shi...@...> wrote:

> Probably the first thing you can do to test is to set the basic server
> attributes (i.e. server host, username, password), then set the group id
> attribute and group filter settings. The group id is the ldap attribute that
> uniquely identifies the group within the server and in FarCry. The
> all-group-filter is the ldap filter that will fetch every group from the
> server.
>
> With those set up, you should be able to select those groups in a role.
>
> I'm not sure what you mean by "empty structure"?
>
> Blair
>
>
>

> On Sat, Apr 12, 2008 at 8:23 AM, Chris Roth <chris.r...@...> wrote:
>
> > Hmm. I am really confused I guess.
>
> > I installed the farcryldap plugin and I can see the configuration.
>
> > I am not sure how I can test if its connecting correctly.
>
> > Also when I try to view/edit anything in:
>
> > security - manage security - roles (I get an empty structure)
>
> > how do i test if I am connecting to my AD domain?
>

> > how do I map my AD groups to FC roles?- Hide quoted text -
>
> - Show quoted text -

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "farcry-beta" group.
To post to this group, send email to farcry-beta@...
To unsubscribe from this group, send email to farcry-beta-unsubscribe@...
For more options, visit this group at http://groups.google.com/group/farcry-beta?hl=en
-~----------~----~----~----~------~----~------~--~---