Integrated Web Server + AD

Viewing 15 posts - 1 through 15 (of 19 total)
1 2
  • Back to forum
    Posted in: Muster 9
  • Emerson College
    10th September 2018 at 8:01 pm #17136

    Hey All,

    Is there a way to use Active Directory credentials to allow people to log into the Integrated Web Server to submit jobs? We are trying to get rid of the shared user account option and allow people to connect to the renderfarm using their own credentials.

    Thanks,
    Andres

    Leonardo Bernardini
    11th September 2018 at 10:34 am #17138

    Hi andres

    On what muster version you are ?

    Once you enable ldap/ad bindings even the web server let you log in using those credentials as console/mrtool do

    Aytaç
    14th June 2021 at 12:21 pm #34385

    Hi Leonardo,
    I’m trying the same with Muster 9.
    Where should I put the root and intermediate certificates for LDAP/AD if I use AD binding with SSL over port 636?

    Leonardo Bernardini
    14th June 2021 at 3:38 pm #34387

    Depends on the platform. We use openLdap for Linux/Mac and the builtin LDAP windows functions.
    On what platform are you running ?

    Aytaç
    14th June 2021 at 7:01 pm #34388

    Windows Server 2019.

    Leonardo Bernardini
    15th June 2021 at 10:43 am #34389

    Windows Dispatcher + Windows AD should take care of certificates and handshaking automatically. What kind of error are you getting back ?

    Aytaç
    15th June 2021 at 4:56 pm #34390

    It seems a totally unrelated error.
    LDAP objects update error: Failed to query groups on LDAP server:(4)Size limit has exceeded.

    Andres Abreu
    15th June 2021 at 5:03 pm #34391

    We saw that issue “Size Limit Exceed” when trying to query the entire LDAP directory. You would need to lower the amount it queries, had to configure the advanced settings to get less account when setup.

    Leonardo Bernardini
    15th June 2021 at 6:03 pm #34392

    Exactly this has nothing to do with the SSL handshaking, Muster do not use “PAGED QUERIES”, that means accounts and groups are downloaded in a single shot if they are more than your maximum items per request, you get this error. Refer to the LDAP settings and how to increase the page size.

    Aytaç
    16th June 2021 at 12:52 pm #34393

    Where can I find these settings? Is there any documentation on this subject where I can find examples?
    Where in Muster do I increase the page size?

    Andres Abreu
    16th June 2021 at 4:49 pm #34394

    Changing the page size is actually a setting in Active Directory not Muster, we to not mess with AD instead narrowed the focus of the search queries to specific groups in specific OUs to avoid the error.

    Andres Abreu
    16th June 2021 at 4:53 pm #34395

    Here is a stackoverflow topic that is similar to your error: LDAP: ldap.SIZELIMIT_EXCEEDED

    Aytaç
    18th June 2021 at 3:14 pm #34396

    Hi Andres, thank you for pointing out to that topic.
    I found this article regarding filters very helpful: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

    There are subgroups with varying user numbers within a major group with more than 26.000 users.
    How am I supposed to retrieve a list from a group with more than 26.000 users without PAGED QUERIES and without changing a setting in Active Directory?

    Aytaç
    22nd June 2021 at 11:14 pm #34397

    Unfortunately, there was not much explaining about LDAP search filters in the wiki of Muster 9. So it took me a while to figure out how to use those filters in Muster.

    The Users retrieval filter shows all LDAP user names who are member of a specific group named Renderfarm-Special-Users.
    (&(objectCategory=Person)(memberOf=CN=Renderfarm-Special-Users))

    The Groups retrieval filter shows all LDAP group names starting with “Department-” e.g. Department-Wrangling, Department-Baking, Department-etc.
    (&(objectCategory=Group)(cn=Department-*))

    By doing it this way Muster does not need to download a large number of individual LDAP users. Thus eliminating the size limit error message.

    Aytaç
    23rd June 2021 at 12:25 pm #34398

    I thought my solution did work, but apparently it did not 🙁

    Do I need to add the users from LDAP groups into LDAP users in Muster?

Viewing 15 posts - 1 through 15 (of 19 total)
1 2

You must be logged in to reply to this topic.