You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
From the current implementation, it seems that the base_dn attribute from the ldap-auth plugin for a route and the user_dn attribute for a consumer only differ in the cn part. This essentially means that, in the route, we have defined almost the entire tree for some users.
Snippet of the relevant code ifrom ldap-auth.lua plugin:
What if I want a more flexible situation, i.e., that I define the base_dn in the route configuration as ou=users,dc=example,dc=org, but for user_dn I can use cn=user1,ou=serviceUser,ou=users,dc=example,dc=org? In that way, consumers can define users from LDAP with a much wider selection.
Is this scenario supported with the current ldap-auth implementation, or should we write a custom plugin?
Description
From the current implementation, it seems that the base_dn attribute from the ldap-auth plugin for a route and the user_dn attribute for a consumer only differ in the cn part. This essentially means that, in the route, we have defined almost the entire tree for some users.
![image](https://private-user-images.githubusercontent.com/32739355/334094161-526bcaf8-e52a-489f-9654-209255e18f16.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjA2MjA0MzUsIm5iZiI6MTcyMDYyMDEzNSwicGF0aCI6Ii8zMjczOTM1NS8zMzQwOTQxNjEtNTI2YmNhZjgtZTUyYS00ODlmLTk2NTQtMjA5MjU1ZTE4ZjE2LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzEwVDE0MDIxNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWUxM2RiNDc0MzI5ZTQ3NDdiZjRiNjdmMWI2NDQ1MjA0ZTM4NzJkY2RhNjQ3ZTkxOWQyMDNiNDA2ZmZiMGI3OGUmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.bF-XKtS3RNht623zhS2HgaQnUVRxpg30S_BsJgvjBcs)
Snippet of the relevant code ifrom ldap-auth.lua plugin:
What if I want a more flexible situation, i.e., that I define the base_dn in the route configuration as ou=users,dc=example,dc=org, but for user_dn I can use cn=user1,ou=serviceUser,ou=users,dc=example,dc=org? In that way, consumers can define users from LDAP with a much wider selection.
Is this scenario supported with the current ldap-auth implementation, or should we write a custom plugin?
Environment
- Client Version: v1.29.2
- Server Version: v1.27.11
The text was updated successfully, but these errors were encountered: