Does anyone know if it is possible to configure Web Reports to use AD security groups, instead of user permissions? We have created multiple security groups for our BigFix environment and prefer to manage our user access with these groups. I have attempted to configure Web Reports multiple ways and cannot make it work. Thanks.
We’ve using AD groups to control access to Web Reports. You can add your AD DC to your LDAP Directories via the admin console. When you then login to web reports as ad admin and go to Administration | User Management, you should be able to select LDAP Permissions and see your configured AD server using whatever name you assigned in the console. Select this then you can search for AD groups that you can then assign roles to.
For your Base DN, are you using a generic entry encompassing your entire AD structure? Example: DC=XXXXX,DC=com
Yes, we’re using DC=xxx,DC=yyy,DC=com as the base DN and specifying a primary server and 3 backup servers. For Adanved Options we have a user filter = (objectCategory=user) and Group Filter = (&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))
My issue with that is that our AD structure is so large when I use dc=xxx,dc=com for my base dn it works fine for our BigFix console, but when trying to setup LDAP connection inside Web Reports and clicking on the connection it spikes the CPU and crashes our domain controller. Only way I have found to resolve this is by pointing to an actual OU which is our issue because our groups and users live in two different OU’s. Is it possible to point your Base DN to two OU’s? ex: ou=xxxx,dc=xxxx,com;ou=xxx,dc=xxxx,dc=com
We’ve not had any problems like that. We have a pretty large AD infra with over 100k AD joined endpoints managed through Bigfix (I can’t comment on the AD aspect as I do not manage AD)