HI,
I set-up DG to use our AD.
Users can authenticate, and a local user is then created in DG. All good.
I would like a default group placement of Viewer, which works.
Some subsets of users must be Users whilst others must be Administrators. Unfortunately, I have ben unable to get this works.
This the configuration that I added to the Authentication tab:
Search
Search filter: OU=PERS USR,OU=USR,DC=example,DC=local
BaseDN: (cn=%username%)
Group Mapping
Search Filter: (memberOf=%username%)
LDAP DN: Group:
CN=DEVDG_DATAGERRYADMIN,OU=Organisational,OU=GRP_DATAGERRY,OU=GRP_BB,DC=example,DC=local Administrator
CN=DEVDG_DATAGERRYUSER,OU=Organisational,OU=GRP_DATAGERRY,OU=GRP_BB,DC=example,DC=local User
When a user logs into DG, then they are only assigned Viewer, but never Administrator or User roles.
Also saw these messages in the log files when users log in. I do not know if these are relevent:
[WARNING ] --- [LdapAuthenticationProvider] UserModel exists on LDAP but not in database: Error while GET: User with the query: {'user_name': 'kate'} not found! (external_providers.py)
[DEBUG ] --- [LdapAuthenticationProvider] Try creating user: kate(external_providers.py)
[DEBUG ] --- [LdapAuthenticationProvider] New user was init (external_providers.py)
Have you got any ideas on how how the group mapping ought to work, and why my setup might not?
Many thanks!
S