Set value of ldap_nested_group_search for groupbackend in examples

Question

Set value of ldap_nested_group_search for groupbackend in examples

Closed this issue a year ago · 3 comments

The default value of ldap_nested_group_search should be true. In the most configurations the nested_group_search is required, especially after working together with the Netways Consultants.

If you don´t aggree, it should be part of the icinga-installer documentation as a hint.

Answer 1 · 2023-04-21T13:59:41.000Z

Hi, thanks for the hint. More documentation is always a good idea.

Do you want to open a PR?

Answer 2 · 2023-04-21T16:26:09.000Z

If we're talking about the example

https://github.com/NETWAYS/icinga-installer/blob/main/doc/08-User-Group-Backends.md

the parameter 'ldap_group_filter' do the same.

Answer 3 · 2023-04-21T21:07:00.000Z

@lbetz yes we are talking about your example. But with "ldap_group_filter" it was not working, that the nested users has the correct permissions. I can demonstrate it at our next session, if you like. Only with ldap_nested_group_search: true it was working.

We have a group "icinga" and in this group are nested groups "icinga-admins" and "icinga-users". In "icinga-users" there is a group, which contains the users. Or with other words:

icinga-admins contains userA and UserB
icinga-users contains groupA and UserE. And groupA contains UserC and UserD.

The UserE was able to logon and saw everything of IcingaWeb. The UserC and UserD was able to logon but was not able to see something, until I activated nested-group-search. Then UserC and UserD saw everything.