Couple of questions with LDAP and SSO

(from github.com/jfabales)
Hi Fess team,

I would like to ask first if SSO with LDAP on Linux is available with FESS.
I could connect and authenticate with our LDAP server but now I want to configure SSO.
I tried this configuration but it didn’t work.
Admin/general page: (this works with manual authentication)

LDAP url: ldap://ldap.company.com:389
base DN: dc=company,dc=com
bind DN: ldapbind
password: ****
User DN: %s@company.com
Account filter: (&(objectClass=user)(sAMAccountName=%s))
memberOf attribute: memberOf

fess_config.properties

ldap.admin.provider.url=ldap\://ldap.company.com\:389
ldap.admin.security.principal=CN\=ldapbind,OU\=ServiceAccounts,DC\=company,DC\=com
ldap.admin.security.credentials=*****

Also, I want to make groups from LDAP/AD Fess administrators; is that possible? I tried these configurations but none of them worked.

authentication.admin.users=2group_name
authentication.admin.roles=admin

authentication.admin.users={group}group_name
authentication.admin.roles=admin

authentication.admin.users=1user_name
authentication.admin.roles=admin

authentication.admin.users={user}user_name
authentication.admin.roles=admin

Thanks in advance

(from github.com/marevol)
If you need docs for SSO configuration, please contact Commercial support.
There are no docs on OSS.

authentication.admin.roles is a comma-separated value.
You can check roles in audit.log.

(from github.com/jfabales)
Hi,

We don’t have roles set up in our LDAP and no roles are being detected in audit.log. Can’t I also point roles to OU=Group,DC=company,DC=com?
We’re still in the testing stage of the capabilities and features of FESS and are not sure if we want to have commercial support yet; that’s why any help would be appreciated.

(from github.com/marevol)
Your settings for Account Filter or memberOf might not be correct.

(from github.com/jfabales)
No, we really don’t have roles set up on our AD.
I tried to configure the role.filter and role.base.dn properties with the same values for group.filter and group.base.dn but still couldn’t detect any roles.

(from github.com/jfabales)
Created OU=Roles and added a role, changed the role.filter and was able to see the role in audit.log already.
The LDAP user can access the admin page now, but you have to change the URL to /admin; the Administration link is not showing in the User Profile dropdown menu.

Also, I’m getting a Page not found error when accessing the Dashboard using the LDAP account.