We have been using LDAP for authentication in OCS v2.3.1.
After upgrading (2.3.1 => 2.4 => 2.4.1 => 2.5) to OCS v2.5, it's not working like it should.
We have two different rights mappings:
CONEX_LDAP_CHECK_FIELD1_NAME => memberOf
CONEX_LDAP_CHECK_FIELD1_VALUE =>CN=Super,OU=GlobalGroups,OU=NL,OU=Groups,DC=myDC,DC=org
CONEX_LDAP_CHECK_FIELD2_ROLE => Super administrators
CONEX_LDAP_CHECK_FIELD2_NAME => memberOf
CONEX_LDAP_CHECK_FIELD2_VALUE =>CN=Admins,OU=GlobalGroups,OU=NL,OU=Groups,DC=myDC,DC=org
CONEX_LDAP_CHECK_FIELD2_ROLE => Administrators
When logging in with a Super account this works fine (FIELD1).
When logging in with an Admins account (FIELD2) I get the error: You are not allowed to connect
The account is logged in, just not mapped to Administrators.
I'm sure the authentication is OK. When using the wrong password we get a different error.
As a workaround I tried setting:
CONEX_LDAP_CHECK_FIELD2_NAME => department
CONEX_LDAP_CHECK_FIELD2_VALUE =>NL Automation
CONEX_LDAP_CHECK_FIELD2_ROLE => Administrators
After this change I'm unable to log in as a Super administrator.
The login method/settings for FIELD1 were not changed, but accounts aren't mapped to Super administrators anymore.
It now shows the error "You are not allowed to connect"
But when logging in with an Admins account (FIELD2) I'm able to log in with Administrators rights.
This seems like a bug somewhere in the user rights mapping section.