Observed bug: A user logs in and only sees his own machines
Closed this issue · 1 comments
oyvindhagberg commented
The user should have had access to a lot more machines, by LDAP group memberships.
Suggestions
- Set up a dev environment with auth enabled, to test OAuth2 logins locally
- Add a lot of debug logging (`log.Printf`) in https://github.com/usit-gd/nivlheim/blob/master/server/service/oauth2login.go#L84 throughout the function, and see what it does
oyvindhagberg commented
- Look at `/etc/nivlheim/server.conf`. If you're a member of the LDAP group specified by the option "LDAPadminGroup" or any of the groups listed in "AllAccessGroups", you'll see all machines regardless.
- Here on USIT, we have LDAP groups named with a 'zabbix-' prefix, it should be stripped away but it looks like that doesn't happen anywhere. That explains why it doesn't match the hosts' ownerGroups, which don't have this prefix.
  [EDIT] 👍 Fixed by adding the 'zabbix-' prefix in `owner.pl` for all groups taken from `siteadmsHostUserGroup.txt`.
- The method used in `owner.pl` for looking up people's personal email addresses doesn't work anymore, apparently. This is relevant for personal computers, laptops etc. Must find a workaround.
  [EDIT] 👍 Fixed by looking up the host in `cn=hosts,cn=system,dc=uio,dc=no` and using `uioHostContact`.
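The group-name mismatch described in the comment above, as an added Go example (not Nivlheim's code and not part of the original thread): it shows why a prefixed LDAP group never matches an unprefixed owner group, and how comparing both sides in one namespace restores access. `Host`, `Config`, `GroupPrefix` and `VisibleHosts` are hypothetical names, and the groups and hosts are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// Host and Config are hypothetical types for this example only.
type Host struct{ Name, OwnerGroup string }

type Config struct {
	LDAPAdminGroup  string   // option name quoted in the thread
	AllAccessGroups []string // option name quoted in the thread
	GroupPrefix     string   // assumed setting, e.g. "zabbix-"
}

// VisibleHosts returns the names of the hosts a user may see. With strip=false
// group names are compared verbatim; with strip=true the prefix is removed
// from every name on both sides before comparing.
func VisibleHosts(cfg Config, userGroups []string, hosts []Host, strip bool) []string {
	norm := func(g string) string {
		if strip {
			return strings.TrimPrefix(g, cfg.GroupPrefix)
		}
		return g
	}
	member := map[string]bool{}
	for _, g := range userGroups {
		if n := norm(g); n != "" { // a group equal to the bare prefix must not match an unset option
			member[n] = true
		}
	}
	all := member[norm(cfg.LDAPAdminGroup)]
	for _, g := range cfg.AllAccessGroups {
		all = all || member[norm(g)]
	}
	var visible []string
	for _, h := range hosts {
		if all || member[norm(h.OwnerGroup)] {
			visible = append(visible, h.Name)
		}
	}
	return visible
}

func main() {
	cfg := Config{LDAPAdminGroup: "nivlheim-admins", AllAccessGroups: []string{"zabbix-ops"}, GroupPrefix: "zabbix-"}
	hosts := []Host{{"web01", "webteam"}, {"db01", "dbteam"}} // constructed sample data
	fmt.Println(VisibleHosts(cfg, []string{"zabbix-webteam"}, hosts, false))
	fmt.Println(VisibleHosts(cfg, []string{"zabbix-webteam"}, hosts, true))
}
```

The verbatim comparison fails closed (the user sees too little rather than too much), which is why the symptom was missing machines and not unexpected access.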