MHMDhub / enterprise-log-search-and-archive

Automatically exported from code.google.com/p/enterprise-log-search-and-archive

LDAP normal user permissions #181

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi, I have LDAP working perfectly for admin users, all perfect.
With non-admin users, I am able to log in correctly but I can't make any 
queries, or anything else.

This regular user was added to a group of regular users created for ELSA,
and in the web interface I've added exceptions like:

Class: Any
Node: 127.0.0.1 (for now I have only one machine);
host: 0

but I'm always receiving this message:

"Query syntax error: All terms for field srcip were dropped due to insufficient 
permissions."

I'm going nuts with this, can you please help me?
Should I have something like a "user_groups" in LDAP section of elsa_web.conf?

Thank you.

p.s - by the way "1 node(s) with 81.1 million logs indexed and 1.3 billion 
archive" in 5 days!!!!!!! :)

Original issue reported on code.google.com by joao.dom...@gmail.com on 24 Oct 2013 at 1:45

GoogleCodeExporter commented 8 years ago
  "ldap" : {

      "admin_groups" : {
         "CN=Group_Elsa,OU=Groups,OU=AAAA,OU=BBBBBB,DC=example,DC=com" : 1
      },

      "attr_map" : {
         "display_name" : "displayName",
         "email" : "mail"
      },
      "base" : "DC=example,DC=com",
      "bindDN" : "CN=user_to_read_ad,OU=VVVVVV,OU=KKKKK,DC=example,DC=com",
      "bindpw" : "password",
      "extra_attrs" : {
         "department" : "department",
         "uid" : "uid"
      },
      "groups_attr" : "memberOf",
      "host" : "example.com",
      "searchattrs" : "sAMAccountName"
   },

Original comment by joao.dom...@gmail.com on 24 Oct 2013 at 2:00

GoogleCodeExporter commented 8 years ago
There should be a line in the /data/elsa/log/web.log file which has "got 
permissions: " and a dump of the user's permissions.  Can you find the 
permissions for that user and show what they are?

Original comment by mchol...@gmail.com on 24 Oct 2013 at 7:54

GoogleCodeExporter commented 8 years ago
Not much indeed:

got permissions: $VAR1 = {
          'program_id' => {
                            '0' => 1
                          },
          'fields' => {},
          'node_id' => {
                         '0' => 1
                       },
          'host_id' => {
                         '0' => 1
                       },
          'class_id' => {}
        };

This is what I get with admin user:

got permissions: $VAR1 = {
          'program_id' => {
                            '0' => 1
                          },
          'fields' => {},
          'node_id' => {
                         '0' => 1
                       },
          'host_id' => {
                         '0' => 1
                       },
          'class_id' => {
                          '0' => 1
                        }
        };

The only difference I spotted was with class_id...

Original comment by joao.dom...@gmail.com on 25 Oct 2013 at 8:54

GoogleCodeExporter commented 8 years ago
I've tried many kinds of combinations in the web interface "Manage Permissions", 
with class ANY, or one of the other classes, but that field always comes back empty "{}".
When I click on the "Exceptions" link for this user group I always get this 
response:

Delete
        Attribute   Value
        host_id     0.0.0.0

Isn't it supposed to show anything else?

I think it would be most helpful if you posted a lot more print screens of regular 
operation, just an opinion!
Thanks,
João

Original comment by joao.dom...@gmail.com on 25 Oct 2013 at 9:13

GoogleCodeExporter commented 8 years ago
I'm sorry to be such a pain :), but I must confess that I'm stressing out with 
this...
Thanks

Original comment by joao.dom...@gmail.com on 29 Oct 2013 at 4:12

GoogleCodeExporter commented 8 years ago
Hi, can you please take a look at this? Thanks!

Original comment by joao.dom...@gmail.com on 1 Nov 2013 at 9:55

GoogleCodeExporter commented 8 years ago
Sorry for the delay.  The issue appears to be in the class_id => {} when 
non-admin (this implies no classes are allowed, so none are permitted).  Try 
going into the group management interface and setting class to ANY, node to 0, 
and host to 0.  If that doesn't work, you may need to manually edit the 
elsa_web.permissions table to set the class_id=0, with:

UPDATE elsa_web.permissions SET attr_id=0 WHERE attr="class_id";

Original comment by mchol...@gmail.com on 5 Nov 2013 at 6:52

GoogleCodeExporter commented 8 years ago
Thank you for your help, but, it didn't work.
I did as you said:

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| elsa_web           |
| syslog             |
| syslog_data        |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> use elsa_web;
Database changed
mysql> UPDATE elsa_web.permissions SET attr_id=0 WHERE attr="class_id";
Query OK, 0 rows affected (0.00 sec)
Rows matched: 0  Changed: 0  Warnings: 0

But it says that no modification occurred in the DB, as you can see. 
Unfortunately I still get the same error:

"Query syntax error: All terms for field srcip were dropped due to insufficient 
permissions."

I have created a group for 'normal' users in AD, and added my test user to it.
In ELSA GUI I set that group with the permissions
class ANY
node 127.0.0.1 (only one for now)
host 0

Original comment by joao.dom...@gmail.com on 5 Nov 2013 at 11:20

GoogleCodeExporter commented 8 years ago
Ok, since no rows were affected, it never made it in.  Try:

INSERT INTO elsa_web.permissions (gid, attr, attr_id) ((SELECT gid FROM groups 
WHERE groupname="<group you are trying to permit>"), "class_id", 0)

Original comment by mchol...@gmail.com on 7 Nov 2013 at 1:32

GoogleCodeExporter commented 8 years ago
FINALLY!!! :)

Just needed to look a bit more at your string (I know nothing about MySQL); you 
missed the word VALUES in your string. :))

Now it's working, thanks a lot

mysql> INSERT INTO elsa_web.permissions (gid, attr, attr_id) VALUES ((SELECT 
gid FROM groups WHERE 
groupname="CN=GS_FE_Elsa_R,OU=Groups,OU=xxxxx,OU=ccccccc,DC=ccccc,DC=zzzzzz"), 
"class_id", 0);
Query OK, 1 row affected (0.01 sec)

mysql> SELECT * FROM elsa_web.permissions;
+-----+----------+---------+
| gid | attr     | attr_id |
+-----+----------+---------+
|  13 | host_id  | 0       |
|  37 | class_id | 0       |
|  37 | host_id  | 0       |
|  65 | host_id  | 0       |
+-----+----------+---------+
4 rows in set (0.00 sec)

Original comment by joao.dom...@gmail.com on 8 Nov 2013 at 10:41
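
Added example, not part of the thread or of ELSA's own code: an audit of the permissions table shown above that lists groups holding permission rows but no class_id row (the state that produced the "insufficient permissions" error here) and the attr_id 0 grants worth a least-privilege review. It uses an in-memory SQLite copy as a stand-in for MySQL; column types and the names of gids 13 and 65 are assumptions, and whether those two groups are affected depends on details the thread does not give.

```python
import sqlite3

# Constructed copy of the two tables the thread touches. Column names come from
# the statements in the thread; types and the names of gids 13 and 65 are assumed.
SCHEMA = """
CREATE TABLE groups (gid INTEGER PRIMARY KEY, groupname TEXT NOT NULL);
CREATE TABLE permissions (gid INTEGER NOT NULL, attr TEXT NOT NULL, attr_id TEXT NOT NULL);
"""
GROUPS = [
    (13, "placeholder-group-13"),
    (37, "CN=GS_FE_Elsa_R,OU=Groups,OU=xxxxx,OU=ccccccc,DC=ccccc,DC=zzzzzz"),
    (65, "placeholder-group-65"),
]
# Rows as shown by the final SELECT in the thread.
PERMISSIONS = [(13, "host_id", "0"), (37, "class_id", "0"),
               (37, "host_id", "0"), (65, "host_id", "0")]


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO groups VALUES (?, ?)", GROUPS)
    conn.executemany("INSERT INTO permissions VALUES (?, ?, ?)", PERMISSIONS)
    return conn


def groups_missing_attr(conn, attr="class_id"):
    """Groups that hold some permission row but none for `attr`."""
    sql = """
        SELECT g.gid, g.groupname
        FROM groups g
        WHERE EXISTS (SELECT 1 FROM permissions p WHERE p.gid = g.gid)
          AND NOT EXISTS (SELECT 1 FROM permissions p
                          WHERE p.gid = g.gid AND p.attr = ?)
        ORDER BY g.gid
    """
    return conn.execute(sql, (attr,)).fetchall()


def wildcard_grants(conn):
    """Rows with attr_id 0, the value the thread sets for class ANY and host 0."""
    sql = "SELECT gid, attr FROM permissions WHERE attr_id = '0' ORDER BY gid, attr"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    conn = build_sample_db()
    for gid, name in groups_missing_attr(conn):
        print(f"gid {gid} ({name}): has permission rows but no class_id row")
    print("attr_id 0 grants to review:", wildcard_grants(conn))
```

The two SELECT statements use only standard SQL, so they can be run unchanged against the elsa_web database from the mysql client.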

GoogleCodeExporter commented 8 years ago
Great!

Original comment by mchol...@gmail.com on 9 Nov 2013 at 11:32