Impersonation is successful, in the sense that my account with membership in OOD_ADMIN_GROUP (mrd20) can access the admin view and request to impersonate an end-user, generating a success message and appropriately logging to /var/log/ood-impersonation.log:
2026-04-08 18:48:47 -0400, mrd20, sld21, impersonation test
I have access to a test user (tus2), and I have tried to use it as the service account. (There is a request to my identity management colleagues to set up service accounts that are accountable – but of course that will take a bit of time.) In the meantime, I am trying to use ‘tus2’ as a service account for me. Is setting the following in ood_auth_map regex sufficient and complete?
mrd20_IMPERSONATION="tus2"
authorized_users=("mrd20")
SERVICE_ACCOUNT="tus2"
Once I see the flash message “Impersonated user updated to: sld21”, I then go to the session opened with my ‘service account’ tus2, and refresh. This does not update as the impersonated user.
So, question: must the service account conform to a naming scheme, ood_service_*? Are there other properties that a service account must have?
Another question: is there any diagnostic logging to help determine why the impersonation fails?
Thanks!