I have Active Directory authentication working but only for whatever group is “last in the list” for $config['auth_ldap_suffix']. I have a username in the OU “OUAdministrators” and another account in OU “ServerAdmin”.
If I comment out the line $config['auth_ldap_suffix'] = ",ou=OUAdministrators,ou=Users,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com"; and uncomment out
//$config['auth_ldap_suffix'] = ",ou=ServerAdmin,ou=Users,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com"; then the account in OUAdministratos no longer can login and the one in ServerAdmin starts working. If I leave them both uncommented, then the one that is
last in the list works.
Is there a way to have users in two OUs be used to authenticate?
$config['auth_ldap_prefix'] = "cn=";
$config['auth_ldap_groupbase'] = "ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";
$config['auth_ldap_suffix'] = ",ou=OUAdministrators,ou=Users,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";
//$config['auth_ldap_group'] = "cn=BCPUS-Observium_access,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";
//$config['auth_ldap_suffix'] = ",ou=ServerAdmin,ou=Users,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";
//$config['auth_ldap_suffix'] = ",ou=StandardSecurity,ou=Users,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['cn=BCPUS-Observium_admins,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com']['level'] = 10;
$config['auth_ldap_groups']['cn=BCPUS-Observium_access,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com']['level'] = 5;
Dana Bostic
Technology Specialist
Caterpillar Inc.
954 NC 42 East, Clayton, NC 27527
email: bostic_dana_r@cat.com | phone: 919-550-1260