Vertica 11 ldaplink does not configure "default role all" for the users

raulk89 · September 2022

Hi

Vertica 11
I have configured ldaplink to sync AD groups and users to automatically sync to vertica database.

LDAPLinkFilterGroup='(&(objectClass=group)(|(CN=group1)(CN=group2)))',
LDAPLinkFilterUser='(&(objectClass=user)(CN=*)(|(memberOf=CN=group1,OU=....)(memberOf=CN=group2,OU=.....)))',

So group1 and group2 are automatically created as roles.
And all users in these two ldap groups have these roles present.

But I noticed that when I grant some permissions to roles (group1, group2), then users still don't see anything.

The issue is due to this, these roles are not set as default.

num_all_roles         | 1
all_roles             | group1
num_default_roles     | 0
default_roles         |

But why not ?
This means that due to this, I need to manually add default roles for all the new users that are automatically synced to vertica. Seems like this is too much work. All the reasons for configuring the LDAPLink is to make these actions happen automatically.

Regards
Raul

Bryan_H · September 2022

Have a look at the LDAPLinkAddRolesAsDefault parameter described here:
https://www.vertica.com/docs/12.0.x/HTML/Content/Authoring/Security/LDAPLink/LDAPLinkParameters.htm

SergeB · September 2022

This new parameter was added in 12.0.0 https://www.vertica.com/docs/12.0.x/HTML/Content/Authoring/NewFeatures/12.0/12.0.0/UsersPrivileges.htm

Vertica 11 ldaplink does not configure "default role all" for the users

Comments

Leave a Comment