Project

General

Profile

Feature #4853

Limit the users downloaded by AD to an OU.

Added by L P over 6 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Nice to have
Assignee:
Andrew Walker
Category:
Services
Target version:
Estimated time:
Severity:
Low Medium
Reason for Closing:
User Configuration Error
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

It would be really nice for large organizations or anyone that has thousands of users to be able to filter which users get downloaded by an OU when connecting FreeNas to Active Directory. At the moment LDAP is really the only option that large organizations have since we can filter by the Base DN and not have to download all users.


Related issues

Related to FreeNAS - Feature #16966: Active Directory restricted queriesClosed
Related to FreeNAS - Bug #30696: Fixes for Windows AD User Base entriesDone

History

#1 Updated by Jordan Hubbard over 6 years ago

  • Category set to 36
  • Assignee set to John Hixson
  • Target version set to 79

#2 Updated by John Hixson over 6 years ago

  • Status changed from Unscreened to Screened

#3 Updated by Jordan Hubbard over 6 years ago

  • Target version changed from 79 to 103

#4 Updated by Jordan Hubbard about 6 years ago

  • Target version changed from 103 to 9.3-BETA

#5 Updated by Jordan Hubbard about 6 years ago

  • Target version changed from 9.3-BETA to 111

#6 Updated by Anonymous over 5 years ago

  • Target version changed from 111 to 134

#7 Updated by Erin Clark over 5 years ago

  • Project changed from FreeNAS to 9
  • Category changed from 36 to 179
  • Target version changed from 134 to 234

#8 Updated by Jordan Hubbard over 4 years ago

  • Assignee changed from John Hixson to Wojciech Kloska

#9 Updated by Jordan Hubbard over 4 years ago

  • Assignee changed from Wojciech Kloska to Erin Clark

#10 Updated by Jordan Hubbard over 4 years ago

  • Assignee changed from Erin Clark to Piotr Glinianowicz

#11 Updated by Jordan Hubbard over 4 years ago

  • Status changed from Screened to Closed: Not To Be Fixed

We're not going to download and cache all the users going forward - that causes other problems.

#12 Updated by BloodyIron - about 4 years ago

  • Priority changed from Nice to have to Expected

Jordan Hubbard wrote:

We're not going to download and cache all the users going forward - that causes other problems.

You're misunderstanding the scope of this request. The request is for really large AD implementations. By default FreeNAS is already downloading the entire scope of an AD connection. What the request is asking is the ability to specify the scope of the query, perhaps to just a single OU or section of AD so that the whole domain/forest does not get enumerated.

This needs to be re-opened and added into mainline otherwise FreeNAS will fall on its face in larger implementations, which it is doing currently.

#13 Updated by Jordan Hubbard about 4 years ago

  • Priority changed from Expected to No priority

You don't understand. This ticket is in the FreeNAS 10 tracker. FreeNAS 10 doesn't work that way. It doesn't "download the entire scope of an AD connection."

#14 Updated by Jordan Hubbard about 4 years ago

  • Status changed from Closed: Not To Be Fixed to Closed: Not Applicable

#15 Updated by Josh Paetzel about 4 years ago

  • Project changed from 9 to FreeNAS
  • Category changed from 179 to 36
  • Status changed from Closed: Not Applicable to Screened
  • Assignee changed from Piotr Glinianowicz to John Hixson
  • Priority changed from No priority to Nice to have
  • Target version changed from 234 to 9.10.2

John, when you get a chance let's chat about this.

#16 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

  • Assignee changed from John Hixson to Erin Clark

#17 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 4 years ago

  • Target version changed from 9.10.2 to 9.10.3

#18 Avatar?id=14398&size=24x24 Updated by Kris Moore over 3 years ago

  • Assignee changed from Erin Clark to John Hixson
  • Target version changed from 9.10.3 to 9.10.4

Back over to you again John! Not sure how feasible it is, we can chat about it later.

#19 Updated by John Hixson over 3 years ago

Kris Moore wrote:

Back over to you again John! Not sure how feasible it is, we can chat about it later.

Very feasible, and a good idea. I believe I've already implemented this partially.

#20 Avatar?id=14398&size=24x24 Updated by Kris Moore over 3 years ago

  • Target version changed from 9.10.4 to 11.1

#21 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Target version changed from 11.1 to 11.2-BETA1

#22 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

  • Target version changed from 11.2-BETA1 to 11.3

#23 Avatar?id=14398&size=24x24 Updated by Kris Moore over 2 years ago

  • Status changed from Screened to Not Started

#24 Updated by John Hixson over 2 years ago

  • Assignee changed from John Hixson to Timur Bakeyev

#25 Avatar?id=13649&size=24x24 Updated by Ben Gadd over 2 years ago

  • Target version changed from 11.3 to Backlog

#26 Updated by Timur Bakeyev over 2 years ago

  • Severity set to Low Medium

#27 Updated by Timur Bakeyev over 2 years ago

  • Related to Feature #16966: Active Directory restricted queries added

#28 Updated by Timur Bakeyev over 2 years ago

  • Related to Bug #30696: Fixes for Windows AD User Base entries added

#29 Updated by Timur Bakeyev over 2 years ago

  • Related to Bug #30696: Fixes for Windows AD User Base entries added

#30 Updated by Timur Bakeyev over 2 years ago

  • Related to deleted (Bug #30696: Fixes for Windows AD User Base entries)

#32 Updated by Timur Bakeyev about 2 years ago

  • Category changed from OS to Services

#33 Updated by Dru Lavigne about 2 years ago

  • Assignee changed from Timur Bakeyev to John Hixson

#34 Updated by Dru Lavigne about 2 years ago

  • Assignee changed from John Hixson to William Grzybowski

#35 Updated by William Grzybowski about 2 years ago

  • Status changed from Not Started to Unscreened
  • Assignee changed from William Grzybowski to Andrew Walker

Andrew, we need to figure out if we are actually implementing this or pass on the idea. 4 years is a bit too much.

#36 Updated by Andrew Walker about 2 years ago

  • Status changed from Unscreened to Closed
  • Reason for Closing set to User Configuration Error

This is actually due to cachetool rather than samba. If we turn off directory service caching, then we stop this behavior. This is a workaround support does in large or flakey environments.

Since turning off the directory service cache has no functional impact other than UI drop-downs not being populated, I think we should close this ticket and create a design doc / related tickets for improving the UI as to LDAP / AD users.

#37 Updated by Dru Lavigne about 2 years ago

  • Target version changed from Backlog to N/A

Also available in: Atom PDF