Problem "list all groups of a user" Veyon 4.1.4 x64



  • Hello
    I had encountered the same problem as in another post
    when doing a test to "list all groups of a user" veyon forwarding the user belongs to all groups available in the LDAP
    if you perform filtering in advanced settings, the test returns that the user belongs to all filtered groups.... upgrading veyon to 4.1.4 64bits did not solve this problem. on Windows 7 x64
    This poses problems accessing the veyon application by unauthorized users.

    I have another problem :
    On Virtual Machines I recreated a network of the same structure that I have in school, with users in different OU
    so in the LDAP setting, the case "user tree" is empty, and applied in advanced filter: (& (objectCategory = person) (objectClass = user))
    the filtering test works and sends me the 14 users of the domain in the different OU. Well that's good...
    But I did a test on a work computer (4.14 64bits version), the filtering found only the first 1000 users (problem known in the LDAP queries, which by default limited to 1000) but in my LDAP I have about 3500 users ...

    Another suggestion to propose in the debugging the command line the addition of the command search groups to which a user belongs because the window of test returns only the two first ones which makes difficult the debugging

    Thank you for your work...
    Fred



  • Quick question: can you verify that you have a non-empty value set for the Group member attribute? In 4.1.4 the list all groups of user functionality should only return all groups if the attribute is not set, otherwise the group query is always performed with a filter like (<GROUP-MEMBER-ATTRIBUTE>=<USER-DN-OR-LOGIN>), e.g. (member=CN=foo,OU=users,DC=example,DC=org).



  • Good evening
    I'm afraid I do not understand your question ...
    I will try to clarify things with screenshots
    In my LDAP I have users in OU elevesco, profsco, administratif and Users
    0_1539199671591_379801d0-71a3-43a0-83b6-4abe2e7ace38-image.png
    My groups are all in the OU Users
    Take for example a student beraco_p
    its distinguishedName attribute
    0_1539205414161_7586b041-846d-4af0-8481-2dcf59da064e-image.png
    It belongs to 4 groups
    0_1539200014296_2002f370-69af-40ea-abf2-886c53579c68-image.png
    in Veyon MAster if leaves the Tree Group empty I have 257 entries
    if I put CN = Users I have the 40 groups of my LDAP
    0_1539200190783_bbfffb60-3d95-4b57-af6c-bd659c7e9cad-image.png
    If in the advanced settings I put a filter to retrieve the 14 users
    0_1539200283317_22615ffd-7f69-49a9-a1a9-504983b37d7c-image.png
    If I additionally add a filter on the groups by targeting only the group or the student
    the result of the request is correct, the student belongs to the group
    0_1539205310337_2213eb70-43b8-41a3-8d09-b7e9b8b9d46b-image.png
    If now I filter the 3 groups for which I want to act on group permissions in access control
    0_1539201263161_7861492e-530c-4311-8b17-0e42f8a90e57-image.png
    the group membership test returns the 3 groups ... and if I remove the group filtering the tst referral that the student belongs to the 40 groups
    0_1539201372914_bb67a207-f143-4f9e-b854-b5d58860cc18-image.png
    0_1539201429393_4be4a509-5274-4e10-9144-6c17c3cf37ff-image.png
    if I now test the connection of the student to the veyon master it is allowed while the group to which it belongs is not allowed
    0_1539205144089_031aba8e-ebbc-47d5-8b44-fffab3de692b-image.png
    0_1539205169930_9dac8fe3-b66f-43d1-bbb3-971254a48ff3-image.png
    I hope this helps to help
    Fred



  • Thanks for the detailled information! I still need to know the value you use for the Environment settings -> Object attributes -> Group member attribute setting. It probably has to be member in your environment. Afterwards the correct groups even without an additional filter should be returned.



  • Good evening
    I just understood your request.
    during all my tests I forgot to put member in group member attribute.
    0_1539281084333_c16867be-ebce-4575-9021-76494cd26561-image.png
    once the parameter filled in the filtering step .... the students can not connect to veyon anymore ... so it works on virtual machine ....
    Thank you

    Fred



  • Hello
    I launched a test in a room of my school and it seems to be OK
    thank you for your work
    some suggestions for devolppement: features of italc that were useful:
    when several rooms were set up, we could choose directly a room to display in one click,
    0_1539350202001_a7f416af-7c9f-4785-af01-d8aca106576a-image.png

    When a click held on a thumbnail image of a computer, an enlarged vision of the screen was proposed.
    Good luck and keep it up
    Fred