-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add config example for LDAP groupOfUniqueNames group structure #1549
Conversation
Thanks for choosing to contribute @zmiguel. We lint all PR's with golangci-lint, I may add a review to your PR with some suggestions. You are free to apply the changes if you're comfortable, alternatively you are welcome to ask a team member for advice. ArtifactsThese changes once approved by a team member will be published for testing on Buildkite and DockerHub. Docker Container
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, which LDAP standard/backend are you using? RFC4519?
Also just need to adjust this file too (same change as the config template):
https://github.com/authelia/authelia/blob/master/docs/configuration/authentication/ldap.md
Codecov Report
@@ Coverage Diff @@
## master #1549 +/- ##
=======================================
Coverage 66.24% 66.24%
=======================================
Files 144 144
Lines 4005 4005
Branches 169 169
=======================================
Hits 2653 2653
Misses 1133 1133
Partials 219 219
Flags with carried forward coverage won't be shown. Click here to find out more. |
I'm using OpenLDAP configured to use RFC2307BIS_SCHEMA I initialized my LDAP database using the wheelybird/ldap-user-manager docker container that uses This pull request is to provide more information to new users that might be using the same setup on their docker deployments that they need to change the group filter so authelia correctly picks up the groups for the given username. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I was just curious for the future, it's nice to know what our users are using so we can setup LDAP implementation templates like this: https://www.authelia.com/docs/configuration/authentication/ldap.html#implementation Thanks for contributing! If you were interested in contributing in a future PR we could assist either via GitHub, Matrix, or Discord (see badges on https://github.com/authelia/authelia to join Matrix/Discord). |
Based on #1517
Adding a comment to the LDAP group section of the config file to tell users they need to use a different group_filter if their LDAP groups use the
groupOfUniqueNames
structure instead of the expectedgroupOfNames
structure.Not doing so result in Authelia not finding the groups for the user and not authorizing group-based access.