Hi,
I set permissions for manager-dn-account using: Manager-dn account permissions for Active Directory
For each user prorepty SHINYPROXY_USERGROUPS is empty. I want to set access to apps using “groups” property, but for each value I haven’t access to app.
application.yml:
ldap:
url: ldap://dc.partner.ru:3268/dc=partner,dc=ru
user-dn-pattern:
user-search-filter: (sAMAccountName={0})
group-search-base:
group-search-filter: (uniqueMember={0})
manager-dn: cn=ShinyAuth,ou=_System accounts,ou=DNS Users,dc=partner,dc=ru
manager-password: password
…
apps:
- name: current_user
display-name: current user
description: current user and group
docker-cmd: [“R”, “-e”, “shiny::runApp(’/root/GetUser’)”]
docker-image: shiny_reports
groups: analyze
authorization log:
2018-01-31 11:30:00.598 DEBUG 27080 — [ XNIO-2 task-3] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: username
2018-01-31 11:30:00.733 DEBUG 27080 — [ XNIO-2 task-3] o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=Username,ou=Users,dc=partner,dc=ru
2018-01-31 11:30:00.742 DEBUG 27080 — [ XNIO-2 task-3] o.s.s.l.a.BindAuthenticator : Retrieving attributes…
2018-01-31 11:30:00.743 DEBUG 27080 — [ XNIO-2 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=Username,ou=Users,dc=partner,dc=ru
2018-01-31 11:30:00.744 DEBUG 27080 — [ XNIO-2 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user ‘username’, DN = ‘cn=Username,ou=Users,dc=partner,dc=ru’, with filter (uniqueMember={0}) in search base ''
2018-01-31 11:30:00.750 DEBUG 27080 — [ XNIO-2 task-3] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Roles from search: []
2018-01-31 11:30:00.750 DEBUG 27080 — [ XNIO-2 task-3] o.s.s.l.u.LdapUserDetailsMapper : Mapping user details from context with DN: cn=Username,ou=Users,dc=partner,dc=ru
2018-01-31 11:30:00.754 INFO 27080 — [ XNIO-2 task-3] eu.openanalytics.services.UserService : User logged in [user: username]
Why I not see user groups?
May be manager-dn-account have not necessary rights? Or shinyproxy cannot to get groups from Active Directory? Or config is incorrected?