search

singularityhub / sregistry

server for storage and management of singularity images
https://singularityhub.github.io/sregistry
Mozilla Public License 2.0
103 stars 42 forks source link

LDAP Superuser-group mapping not working #401

Closed markush97 closed 2 years ago

markush97 commented 2 years ago

I am mapping my superusers like this:

#Map LDAP group membership into Django admin flags
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_superuser": "cn=sregistry_admin,ou=groups,dc=example"
}

Querying my user give me the correct memberof attribute:

memberOf: cn=sregistry_admin,ou=groups,dc=example

What am I doing wrong? How is django/sregistry exactly mapping the groups? Does it need some special attribute?

Logging in works but uwsgi just prints

uid=user,ou=people,dc=example is not a member of cn=sregistry_admin,ou=groups,dc=example
markush97 commented 2 years ago

Okey I kinda fixed it myself, I used posixGroup instead of groupOfNames (which my ldap is configured to use). Now it correctly says that my user is part of the group, but in the webinterface I still cannot access the admin-panel.

vsoch commented 2 years ago

@markush97 for that level of access you typically need to grab the user in a database shell and set is_superuser to true.