Problem "list all groups of a user" Veyon 4.1.4 x64
-
Hello
I had encountered the same problem as in another post
when doing a test to "list all groups of a user" veyon forwarding the user belongs to all groups available in the LDAP
if you perform filtering in advanced settings, the test returns that the user belongs to all filtered groups.... upgrading veyon to 4.1.4 64bits did not solve this problem. on Windows 7 x64
This poses problems accessing the veyon application by unauthorized users.I have another problem :
On Virtual Machines I recreated a network of the same structure that I have in school, with users in different OU
so in the LDAP setting, the case "user tree" is empty, and applied in advanced filter: (& (objectCategory = person) (objectClass = user))
the filtering test works and sends me the 14 users of the domain in the different OU. Well that's good...
But I did a test on a work computer (4.14 64bits version), the filtering found only the first 1000 users (problem known in the LDAP queries, which by default limited to 1000) but in my LDAP I have about 3500 users ...Another suggestion to propose in the debugging the command line the addition of the command search groups to which a user belongs because the window of test returns only the two first ones which makes difficult the debugging
Thank you for your work...
Fred -
Quick question: can you verify that you have a non-empty value set for the Group member attribute? In 4.1.4 the list all groups of user functionality should only return all groups if the attribute is not set, otherwise the group query is always performed with a filter like
(<GROUP-MEMBER-ATTRIBUTE>=<USER-DN-OR-LOGIN>), e.g.(member=CN=foo,OU=users,DC=example,DC=org). -
Good evening
I'm afraid I do not understand your question ...
I will try to clarify things with screenshots
In my LDAP I have users in OU elevesco, profsco, administratif and Users
My groups are all in the OU Users
Take for example a student beraco_p
its distinguishedName attribute
It belongs to 4 groups
in Veyon MAster if leaves the Tree Group empty I have 257 entries
if I put CN = Users I have the 40 groups of my LDAP
If in the advanced settings I put a filter to retrieve the 14 users
If I additionally add a filter on the groups by targeting only the group or the student
the result of the request is correct, the student belongs to the group
If now I filter the 3 groups for which I want to act on group permissions in access control
the group membership test returns the 3 groups ... and if I remove the group filtering the tst referral that the student belongs to the 40 groups
if I now test the connection of the student to the veyon master it is allowed while the group to which it belongs is not allowed
I hope this helps to help
Fred -
Thanks for the detailled information! I still need to know the value you use for the Environment settings -> Object attributes -> Group member attribute setting. It probably has to be
memberin your environment. Afterwards the correct groups even without an additional filter should be returned. -
Good evening
I just understood your request.
during all my tests I forgot to put member in group member attribute.
once the parameter filled in the filtering step .... the students can not connect to veyon anymore ... so it works on virtual machine ....
Thank youFred
-
Hello
I launched a test in a room of my school and it seems to be OK
thank you for your work
some suggestions for devolppement: features of italc that were useful:
when several rooms were set up, we could choose directly a room to display in one click,
When a click held on a thumbnail image of a computer, an enlarged vision of the screen was proposed.
Good luck and keep it up
Fred