Hi all, I managed to set up authentication to the icinga2 web interface
by means of an LDAP resource, but I'd like to grant icingaweb
administrator privileges to an Active Directory group without
adding the individual users to the administrators group, if possible. I
tried to add the CN of the AD group to the groups attribute of the
Administrator role in the file, without success:

root@goccia:/etc/icingaweb2# cat roles.ini
[Administrators]
users = "fusillator"
permissions = "*"
groups = "Administrators, IcingaWebUsers"

root@goccia:/etc/icingaweb2# ldapsearch -h windottor2 -D posinega\\fusillo -W -LLL -b "dc=posinega,dc=local" "memberOf=CN=IcingaWebUsers,OU=GROUPS,OU=PosiNega,DC=posinega,DC=local" "(objectclass=user)" userPrincipalName memberOf
Enter LDAP Password:
dn: CN=Fusillo,CN=Users,DC=posinega,DC=local
memberOf: CN=IcingaWebUsers,OU=GROUPS,OU=PosiNega,DC=posinega,DC=local
...
userPrincipalName: fusillo@posinega.local

root@goccia:/etc/icingaweb2# cat authentication.ini
[icingaweb_ad]
backend = "msldap"
resource = "icingaweb_ad"
user_class = "user"
user_name_attribute = "userPrincipalName"
filter = "memberOf=CN=IcingaWebUsers,OU=GROUPS,OU=PosiNega,DC=posinega,DC=local"
[icingaweb2_usrdb]
backend = "db"
resource = "icingaweb_usrdb"

I can log into icingaweb using fusillo@posinega.local but it doesn't
grant me the administrator privileges.

I read the doc at
https://github.com/Icinga/icingaweb2/blob/master/doc/06-Security.md#groups
but I don't find any reference to groups in the authentication chapter.

Any help or suggestion will be appreciated.

Best regards, and sorry for my English.

Luca Cazzaniga

_______________________________________________
icinga-users mailing list
icinga-users@lists.icinga.org
https://lists.icinga.org/mailman/listinfo/icinga-users