Tranquil IT Forum

Hello,

I'm having an issue with self-service authentication. Authentication is blocked on a sub-OU of Active Directory.
Only users in that OU can log in to self-service.
If I remember correctly, during installation I specified this sub-OU initially:
OU=SIO,OU=SERVICE,DC=MY_DOMAIN,DC=FR.

I checked in /opt/wapt/conf/waptserver.ini and it does have:
ldap_auth_base_dn = DC=MY_DOMAIN,DC=fr.

Do you have any idea what the problem might be?
Thank you

Hello Jérôme,

for self-service there are several authentication methods:
https://www.wapt.fr/fr/doc/wapt-usage/w ... elfservice

Are you in basic (system) mode or are you in LDAP mode?

Hi Simon,

I've corrected my wapt-get.ini accordingly by adding these three parameters:
service_auth_type
, ldap_auth_server,
and ldap_auth_base_dn.

The result is successful, thank you.

However, I had created a group called wapt-domain-users. If I add users or user groups to it, it works fine. However, I have a "domain users" group that is the default group for all my users. If I add this group, nothing appears in my directory.

Hi Jérôme,
the "domain users" group (-513) is the primary group for user accounts; it's an attribute of the user entry (and shouldn't be changed). However, the "domain users" group itself, as an LDAP entry, is empty in the sense that there's no "member" attribute.
If we want the "domain users" group to function like other groups, we need to use a more resource-intensive query, as it's a calculated result.
If this isn't specified in the documentation, we need to add it.
Denis