Hi, I'm trying to set up ACL using groups instead of users from an AD. The authentication is working well against our Active Directory; however, if I use Active Directory groups, after successfully signing up it doesn't work. The message is clear: "Permission Denied Sorry, you don't have enough rights to continue."
Anybody managed to make it work?
My local.php:
$conf['authtype'] = 'authad';
$conf['superuser'] = '@admin,mylogin,another';
$conf['disableactions'] = 'register,resendpwd,profile_delete';
$conf['userewrite'] = '2';
$conf['useslash'] = 1;
$conf['defer_js'] = 0;
$conf['plugin']['authad']['account_suffix'] = '@mydomain';
$conf['plugin']['authad']['base_dn'] = '"OU=main branch,DC=my,DC=domain"';
$conf['plugin']['authad']['domain_controllers'] = 'ad.mydomain';
$conf['plugin']['authad']['sso'] = 1;
$conf['plugin']['authad']['admin_username'] = 'ADuser';
$conf['plugin']['authad']['admin_password'] = 'itsPassword';
And ACLs:
# acl.auth.php
# <?php exit()?>
* @ALL 0
* @user 8
* mylogin 16
* ganother 16
* otheruser 16
* aduser 16
* @AD%5fgroup 16
* aduser2 16
* aduser3 16
sidebar @ALL 0
I have SELinux ON (disabling it doesn't change anything).
Any idea how to debug and find the problem? Of course, users aduser, aduser2 and aduser3 are in the group AD_group, but if I don't set these users specifically (only setting rights for AD_group), the "@AD_group 16" doesn't work :-(
Also, something I found "weird" is that when users are authenticated they should belong to the group "@user" at least, but after passing the authentication process (which succeeds) they get the message "Permission Denied".
Many thanks,
Arnaud