Description of problem: Customer have two groups, the first one is principal and the second one nested, customer would like to define just the first one and Satellite should be able to query and *know* all users members of all nested groups. Version-Release number of selected component (if applicable): 6.2 How reproducible: 100 Steps to Reproduce: 1. Create two groups 2. Add the second one as nested of first one 3. Create one user inside second group 4. Configure Satellite to authenticate 5. Try to authenticate using the user inside the second group Actual results: it's not possible. Expected results: Login normally, once Satellite should check nested groups Additional info:
I would like the enhancement to work on any LDAP group tree if possible.
Hi all Just one full description about the workaround. Soon I'll prepare one kcs about it. --- Nested groups in Satellite 6.2.x // On AD side we have - domain.example - Users - normal_grp - nested_grp - testuser PS: On this case nested_grp is a group memberof normal_grp Just some AD/Objects Information // DN of group used on test CN=normal_grp,CN=Users,DC=Domain,DC=example On Satellite side // When adding this LDAP filter, we enable all members of normal_grp to login but not nested users (&(objectCategory=Person)(sAMAccountName=*)(memberOf:=CN=normal_grp,CN=Users,DC=Domain,DC=example)) // When adding the code *1.2.840.113556.1.4.1941* on the filter, we enable nested users to login (&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=normal_grp,CN=Users,DC=Domain,DC=example)) Best Regards -- Waldirio M Pinheiro | Senior Software Maintenance Engineer
Hello all https://access.redhat.com/solutions/3172711 Best Regards -- Waldirio M Pinheiro | Senior Software Maintenance Engineer
*** Bug 1484016 has been marked as a duplicate of this bug. ***
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Rich Jerrido or Bryan Kearney or your account team. If we do not hear from you, we will close this bug out. Thank you.
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Rich Jerrido or Bryan Kearney. Thank you.