H
Homarr3d ago
DeDe

Admin groups - right permissions assignment

I'm looking to configure the owner / admin rights from ActiveDirectory groups, the basic user auth is ok, but the user don't get rights. My docker-compose.yml 
     AUTH_LDAP_USERNAME_ATTRIBUTE: sAMAccountName
     AUTH_LDAP_USER_MAIL_ATTRIBUTE: mail
     AUTH_LDAP_SEARCH_SCOPE: sub
     AUTH_LDAP_GROUP_CLASS: groupOfUniqueNames
     AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: member
     AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: distinguishedName
     AUTH_LDAP_OWNER_GROUP: Homarr_owners
     AUTH_LDAP_ADMIN_GROUP: Homarr_admins
     AUTH_LDAP_USERNAME_ATTRIBUTE: sAMAccountName
     AUTH_LDAP_USER_MAIL_ATTRIBUTE: mail
     AUTH_LDAP_SEARCH_SCOPE: sub
     AUTH_LDAP_GROUP_CLASS: groupOfUniqueNames
     AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: member
     AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: distinguishedName
     AUTH_LDAP_OWNER_GROUP: Homarr_owners
     AUTH_LDAP_ADMIN_GROUP: Homarr_admins
Thanks for your help !
10 Replies
Cakey Bot
Cakey Bot3d ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Manicraft1001
Manicraft10013d ago
Hi, is the groups object flat?
DeDe
DeDeOP3d ago
flat ?
Manicraft1001
Manicraft10013d ago
And did you read our documentation at https://homarr.dev/docs/1.12.0/advanced/single-sign-on/ ?
Single Sign On | Homarr documentation
Homarr supports multiple authentication options, from internal userbase (credentials), to LDAP (with Active directory support), and OIDC.
DeDe
DeDeOP3d ago
Yes
Manicraft1001
Manicraft10013d ago
@Meierschlumpf can you check?
DeDe
DeDeOP3d ago
I've done before posting 😉
DeDe
DeDeOP3d ago
No description
DeDe
DeDeOP3d ago
homarr  | 2025-04-16T09:48:25.957Z info: Found 14 groups for user testuser.
homarr  | 2025-04-16T09:48:25.957Z info: Found 14 groups for user testuser.
With this configuration (i've try with dn as owner / admin group) 
     AUTH_LDAP_SEARCH_SCOPE: sub
     AUTH_LDAP_GROUP_CLASS: group
     AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: member
     AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: dn
     AUTH_LDAP_OWNER_GROUP: Homarr_owners
     AUTH_LDAP_ADMIN_GROUP: Homarr_admins
     AUTH_LDAP_SEARCH_SCOPE: sub
     AUTH_LDAP_GROUP_CLASS: group
     AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: member
     AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: dn
     AUTH_LDAP_OWNER_GROUP: Homarr_owners
     AUTH_LDAP_ADMIN_GROUP: Homarr_admins
Groups are detected but rights are not applied 
homarr  | 2025-04-16T11:13:48.158Z info: Connected to LDAP server. Searching for user...
homarr  | 2025-04-16T11:13:48.175Z info: User testuser found in LDAP. Logging in...
homarr  | 2025-04-16T11:13:48.185Z info: User testuser logged in successfully, retrieving user groups...
homarr  | 2025-04-16T11:13:48.190Z info: Found 12 groups for user testuser.
homarr  | 2025-04-16T11:13:48.210Z info: User testuser not found in the database. Creating...
homarr  | 2025-04-16T11:13:48.233Z info: User testuser created successfully.
homarr  | 2025-04-16T11:13:48.269Z info: Added user to everyone group.
homarr  | 2025-04-16T11:13:48.158Z info: Connected to LDAP server. Searching for user...
homarr  | 2025-04-16T11:13:48.175Z info: User testuser found in LDAP. Logging in...
homarr  | 2025-04-16T11:13:48.185Z info: User testuser logged in successfully, retrieving user groups...
homarr  | 2025-04-16T11:13:48.190Z info: Found 12 groups for user testuser.
homarr  | 2025-04-16T11:13:48.210Z info: User testuser not found in the database. Creating...
homarr  | 2025-04-16T11:13:48.233Z info: User testuser created successfully.
homarr  | 2025-04-16T11:13:48.269Z info: Added user to everyone group.
Meierschlumpf
Meierschlumpf3d ago
What do you mean with rights are not applied? Homarr does neither create any groups from external providers or guesses what permissions they could have. So If you want the admins to have admin permission, you need to add a group in Homarr with the name Homarr_admins (matching the casing and name of ldap) and give them the permission for admin in Homarr

Did you find this page helpful?