HI I’m trying to integrate Omnisci Immerse with our Active directory environment. So far i have managed to be able to get users to authenticate. However I cannot get the Super User function working.

I have created two groups in AD, Omnisciusers and Omnscisuper
I have created a role called Omnsciusers in immerse and assigned the Access privilege to it .
My omnisci conf contains the following:

ldap-uri = “ldap://10.121.32.5”
ldap-dn = “cn=$USERNAME,cn=users,dc=liegetest,dc=com”
ldap-role-query-url = “ldap://10.121.32.5/cn=$USERNAME,cn=users,dc=liegetest,dc=com?memberOf”
ldap-role-query-regex = “(Omniscius.*?),”
ldap-superuser-role = “Omniscisuper”

The results of the above are:

if I add a AD user to the Omnisciusers group they can log in
If I add a user to the Omniscisuper group, they are denied access
If I add the same user that is in omniscisuper group to omnisiusers they can log in however are not assigned the super role

If I change the conf file to this:
ldap-role-query-regex = “(Omniscius.*?),”
ldap-superuser-role = “Omniscusers”

Both the users added above can log in and are both assigned super role.

Help appreciated

Hi @mixhali,

Welcome to the community forum.

Taking a quick look at your configuration, it looks like the parameter.

ldap-role-query-regex = “(Omniscius.*?),”

It has a wrong value, so I can’t get how the roles can get correctly detected.

Have you tried to run the curl command suggested on docs?

curl --user "uid=kiran,cn=users,cn=accounts,dc=mycompany,dc=com" 
"ldap://myldapserver.mycompany.com/uid=kiran,cn=users,cn=accounts,dc=mycompany,dc=com?memberOf"

and the process the results with SED or a similar command to see if the Regex expression match your role names

I cannot try the entire environment right now, but using this filter.

ldap-role-query-regex = (Omnisci.*?),

Assuming the roles are called
Omnisciusers and Omniscisuper, it’s going to match both when I tried with regex101.

immagine1534×533 39.8 KB

I will try to reproduce everything asap, in the meanwhile could you post the logfile

$OMNISCI_STORAGE/mapd_log/omnisci_server.INFO

As suggested into the documentation?

Regards,
Candido

p.s. Are you using the Free Edition of tìout Software?