migrating or onboarding existing users using LDAP and groups based ACLs

Thomas De Schampheleire patrickdepinguin at gmail.com
Wed May 27 10:58:27 EDT 2015


Hi Todd,
(reincluding the mailing list)

On Wed, May 27, 2015 at 3:55 PM, Todd Morgan <toddlmorgan at gmail.com> wrote:
> Thanks for that Thomas :-)
>
> I did try something along those lines ... When creating the users via REST I specified the LDAP DN ... In the hope that would be sufficient to enable LDAP auth but the LDAP dn wasn't written through to the Database. Did you also have to specify a DN for your originally "internal" users when you edited the database? Did you also nee to blank the password field?
>

What I did more specifically was:
1. enable the ldap_auth plugin through the Admin->Authentication menu
(and install python-ldap)
2. configure the LDAP settings, including Base DN and LDAP search filter
3. manually editing the 'users' table in the database with a query like:

update users set extern_type='ldap' where username is not 'admin';

I did not make other adaptations in the database. So 'extern_name'
would still be 'internal'. Once a user would log in with CSL, the
extern_name would be updated automatically with the corresponding LDAP
info.
I did not change/empty the password manually.

Best regards,
Thomas


More information about the kallithea-general mailing list