Topic: Group extraction and dual authentication

Offline Paul B

  • Hero Member
  • *****
  • Posts: 193
  • Karma: 20
Group extraction and dual authentication
« on: June 08, 2009, 03:44:54 AM »
I'm doing some revision of various AGEE things. Currently I'm looking at User Authentication and Group Extraction.

I'm 100% happy about using single auth, and extracting groups, but what happens when you go to dual auth? OK, I know that you'll (potentially) end up with a list of extracted groups, some from the primary, some from the secondary.

But how do you tell your AGEE to, for example, ignore any groups that are extracted from your primary auth server, and only use the groups extracted from the secondary?

Maybe, in LDAP, you could just blank out the Group Attribute (normally set to "memberOf")? Or is there a better / proper way to do this?


Paul

Offline Digital

  • Contributor
  • *
  • Posts: 4
  • Karma: 1
  • Citrix
Re: Group extraction and dual authentication
« Reply #1 on: June 29, 2009, 06:21:31 PM »
I know this is an older thread but I'll see if the Thread Starter comes back to it.


Question:

Does your Secondary Auth have the same groups as the First? The reason for asking is, if you are using Active Directory there is no way to tell it to STOP sending the user's groups. It is extremely stupid in that regard.

If the groups are different, then you can just make those groups on the NS match those present on the Secondary Auth, and the NetScaler will discard the first ones.

Let me know if this helps.

Offline Paul B

Re: Group extraction and dual authentication
« Reply #2 on: June 30, 2009, 01:12:27 AM »
The question is pretty much hypothetical... my demo setup only uses single authentication, but it's the sort of question that gets posed by students on my training courses!


Paul