
How to Integrate PAM with Active Directory & Import Users to Framework User Manager?

I just want to know how to integrate PAM 3.7 with Active Directory & import AD users to Framework User Manager. I have searched through the PAM documentation & couldn't find the relevant information.

  • 0 in reply to 

    Hi Team,

    We are facing another issue now.

    For the framework users, we can access the given RDP resources, but for the LDAP users we cannot access the resources for the same RDP rule.

    framework user - "pam" (UG-RDP-RELAY-2 Group)

    LDAP user - "test" (PAMtest Group)

    RDP Rule - IF (user IN UG-RDP-RELAY-2 OR user IN PAMtest AND command IN RDP Session AND runhost IN HG-RDP-RELAY-2)

    Please find the attached screenshot and please send us some suggestions 

    BR,

    Vimukthi. 

     

  • 0   in reply to 
    Two suggestions:

    1) In the Externally-mapped group, the regex you shared is likely not to catch the real group name due to case sensitivity. e.g. %:=~/^[Cc][Nn]=PAMTest*/ yet the group name in AD is "PAMtest," so I recommend changing the regex to %:=~/^[Cc][Nn]=PAMtest*/

    2) You could also try encapsulating the user conditions within "( )" so that it would read "IF ( user in GRP-A OR user in GRP-B ) ..."
  • 0   in reply to   

    Instead of [cC][nN] to match both lower and upper case letters, one can also use the case-insensitive RegEx modifier:

    %:=~/^cn=approvers,ou=groups,o=data/i
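
An added example (not from the thread or from the PAM product): Python's `re` module stands in for PAM's Perl-style matching to show which group DNs each pattern discussed above maps, and how the RDP rule reads with and without parentheses. The DNs are constructed, the `anchored` pattern is a hypothetical stricter variant, and AND binding tighter than OR is an assumption about how the ungrouped rule is evaluated.

```python
import re

# Constructed sample DNs; only the CN "PAMtest" comes from the thread.
GROUP_DNS = [
    "CN=PAMtest,OU=Groups,DC=example,DC=com",
    "cn=pamtest,ou=groups,dc=example,dc=com",
    "CN=PAMtesters-Contractors,OU=Groups,DC=example,DC=com",
]

PATTERNS = {
    # Pattern as first shared: capital "T" never matches "PAMtest".
    "original": re.compile(r"^[Cc][Nn]=PAMTest*"),
    # Suggested fix: correct case, but "t*" means "zero or more t",
    # so longer CNs that start with "PAMtes" are mapped as well.
    "case_fixed": re.compile(r"^[Cc][Nn]=PAMtest*"),
    # Equivalent of the /i modifier from the later reply.
    "insensitive": re.compile(r"^cn=PAMtest*", re.IGNORECASE),
    # Hypothetical stricter form: the CN must end at the first comma.
    "anchored": re.compile(r"^cn=PAMtest,", re.IGNORECASE),
}


def matching_dns(name):
    """Return the sample DNs that the named pattern would map to the group."""
    return [dn for dn in GROUP_DNS if PATTERNS[name].search(dn)]


def rule_allows(in_relay, in_pamtest, is_rdp, on_host, grouped):
    """Evaluate the thread's RDP rule.

    grouped=True  -> IF (relay OR pamtest) AND command AND runhost
    grouped=False -> assumes AND binds tighter than OR:
                     relay OR (pamtest AND command AND runhost)
    """
    if grouped:
        return (in_relay or in_pamtest) and is_rdp and on_host
    return in_relay or (in_pamtest and is_rdp and on_host)


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:12} -> {matching_dns(name)}")
    # LDAP user whose group mapping failed: denied under either grouping.
    print(rule_allows(False, False, True, True, grouped=True))
    # Framework user, non-RDP command: the ungrouped reading still allows it.
    print(rule_allows(True, False, False, False, grouped=False))
```
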

     

  • 0 in reply to   

    Hi Klasen,

    I am facing an issue in LDAP authentication too. My LDAP user can authenticate into the PAM console, but whenever I'm group mapping it and assigning it permission, I can't see the access which I have assigned them.

    Direct group mapping is the only method where we can see the LDAP user, because I can't see my LDAP user in members.