Active directory user to group maping

myDBR Forums » Known issues

Active directory user to group maping

(9 posts) (2 voices)

Started by ziuras
Latest reply from ziuras

Tags:

No tags yet.

ziuras, Member

Hi, after update mydrb to 6.4.5 (build 4740)
i have problem with AD maping. If i go to groups, and press edit then mydbr displays all users that belongs to group correct.
But if i go to users and prees show users - then no groups displayed.

if in mydbr i add user1 to group "Domain Users" (users, show users, and mark group "domain users") then user1 can see reports and folders, else users1 can see folders only if in folders access rights is marked user "user1" but not "domain users"

User1 - AD user
Domain Users - AD group
myDBR Team, Key Master

But if i go to users and prees show users - then no groups displayed.

What the the "show users" button you are pressing? In what page?

if in mydbr i add user1 to group "Domain Users" (users, show users, and mark group "domain users") then user1 can see reports and folders, else users1 can see folders only if in folders access rights is marked user "user1" but not "domain users"

Are you adding users to AD groups within myDBR? If AD is used all user data comes from AD and user's groups are checked from AD when user logs in.

--
myDBR Team
ziuras, Member

>>What the the "show users" button you are pressing? In what page?
Admin tools -> Users; and on users table row "magnifying glass" icon

>> Are you adding users to AD groups within myDBR? If AD is used all user data comes from AD and user's groups are checked from AD when user logs in.

now "User1" can see report only where Report have permisions direct to user1 or "Access without login allowed via direct URL" and can not see report where permisions are set to Domain Users.
Yes i know, but i make a test and if i add "User1" to "Domain Users" within mydbr then user1 can see all reports and folders that can be seen by "Domain User"

In my opinion did not work function like get_goup_list_for_user(@user), but function get_users_from_group(@Group) works correct.

I only have 1 local user and group, all my users and group are in AD and managed in AD. I add user to group within mydbr only for test after this error.
ziuras, Member

Another remark:
Not all users are shown without groups.
User2 "Show user" shows belonging to groups corectly, user1 show all groups, all groups unchecked.

After AD Synchronize i get:
Synchronization results
Groups added 0
Users added 48
Users processed 260
Inactive users removed from groups 87

Maybe "Inactive users removed from groups" here is a problem?
ziuras, Member

Ups, after user logof and logon on mydbr, all are correct.
Sory for disturbance.
myDBR Team, Key Master

"Inactive users removed from groups" means that the user found in myDBR does not have groups defined in AD. When myDBR encounters such a user, all user's AD groups are removed from myDBR (user itself will remain in order to keep the history).

Could you check the the groups in question belong to 'myDBR Groups' AD group.

Note that when you are logged in as admin, you can run the Synchronization directly in the browser and you will get more detailed info what is happening during the synchronization. Acess the 'lib/ad_sync.php' under your myDBR installation.

--
myDBR Team
ziuras, Member

>>Could you check the the groups in question belong to 'myDBR Groups' AD group.
Yes, "Domain Users" (Standard Win AD group) where is all AD users are included in group "myDBR Groups" in AD

But i found several groups thats not included in "myDBR Groups".
Example: (All users and groups are in AD)
"User1" belongs to "Domain Users" and "GroupA".
"Domain Users" belongs to "myDBR Groups"
"GroupA" does not belongs to "myDBR Groups"
myDBR Team, Key Master

What is the problem you are seeing? GroupA does not show up in myDBR or that GroupA does show in myDBR? Or User1 does not show up in myDBR?

--
myDBR Team
ziuras, Member

>>Ups, after user logof and logon on mydbr, all are correct.
>>Sory for disturbance.

now all works good.

Reply

You must log in to post.