search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.18k stars 562 forks source link

LDAP Users displayed #1642

Open Tomatoschewps opened 4 years ago

Tomatoschewps commented 4 years ago

Hi,

We have configured ldap loging. We have connecter 4 ldap users until now but in "my users" view I only see 2 of them (me and one other, arbitrary). In "Groups" I have added 4 users in my group but I see only 3 of them (1 local admin and 2 from ldap) and in the search I don't see all of them. But the users can connect and they have the permissions rightly applied. D.

Ylianst commented 4 years ago

A lot of people are trying MeshCentral with LDAP, this is something I have never tested myself. I added support for it without having setup an LDAP server. If there is any brain dead way to setup a test LDAP server, I would be interested. That would then help me fix these.

Tomatoschewps commented 4 years ago

We use Windows Active Directory as ldap server. I can setup one with some users account for your tests. I'll do it next week and ping you when it's ready.

De : Ylian Saint-Hilaire notifications@github.com Envoyé : vendredi 24 juillet 2020 19:42 À : Ylianst/MeshCentral Cc: Damien Brochard; Author Objet : Re: [Ylianst/MeshCentral] LDAP Users displayed (#1642)

A lot of people are trying MeshCentral with LDAP, this is something I have never tested myself. I added support for it without having setup an LDAP server. If there is any brain dead way to setup a test LDAP server, I would be interested. That would then help me fix these.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/Ylianst/MeshCentral/issues/1642#issuecomment-663654240, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACOQQJWSLWBOSWHVE5ZJCXLR5HBZJANCNFSM4PGWD4RQ.

Ylianst commented 4 years ago

Oh, not needed but thanks. I was hoping for something simpler I could run on my side. I have a free account with JumpCloud for up to 10 users and the service is excellent. They offer LDAP. I will go in that direction if there is no simpler alternative. I am just not a LDAP expert and there is a learning curve.

Tomatoschewps commented 4 years ago

Ok, cool :) Let me know if did'nt go has expected with JumpCloud.

Tomatoschewps commented 4 years ago

This afternoon we trie to be 3 LDAP users logged-in in the same time : t.oto (2FA actived) t.ata (2FA actived) t.utu (no 2FA)

t.oto logged-in --> Ok t.ata logged-in --> Ok t.utu try to logged-in --> Meshcentral ask for a token even if the user have no configured it. It is necessary to use a token from t.ata to be able to connect.

In the user view we see t.oto, t.ata bu not t.utu.

Ylianst commented 4 years ago

Latest MeshCentral should have LDAP with 2FA working correctly. Update and try again, let me know if it works.

Ylianst commented 4 years ago

Fyi. This is the same problem as #1641, should now be fixed.

Tomatoschewps commented 4 years ago

Not ok for me. I still don't see all my users and users without 2FA are always asked for 2FA token.

1641 was for 2FA not working for users who configured it. Not the same problem here

Tomatoschewps commented 4 years ago

Hi Ylian,

Do you think you can look at this ? Now we don't see any user except mine so if a new ldap user log in to MC I can't apply any group to him.

D.

Tomatoschewps commented 4 years ago

Hi @Ylianst , Any news on this subject ? We can't use MC with more user until LDAP usage is fixed. It's a real problem for us.

tell me if you need more information. D.