Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP: Add filter based on memberOf #31

Open
tigre-bleu opened this issue Jul 17, 2023 · 2 comments
Open

LDAP: Add filter based on memberOf #31

tigre-bleu opened this issue Jul 17, 2023 · 2 comments

Comments

@tigre-bleu
Copy link

LDAP authentication is great. In our use case, it would be useful to have a filter based on the AD groups the user is member of. Only member of the "Crackerjack" security group in AD should be able to log in.

In the same way, another group could be used to configure if the user shall be admin or not in Crackerjack.
@sadreck
Copy link
Contributor

sadreck commented Jul 17, 2023

This is a good recommendation, can you try specifying the OU in the settings to be the one for the CrackerJack users?

As for the admin one, it'd also be a good addition, but originally I've kept it separate to avoid being locked out if the LDAP server was down - by forcing to use local accounts.

@tigre-bleu
Copy link
Author

Depending on the layout of the AD, in the same OU some accounts shall be allowed to login and other not hence the filter on group membership rather than OU.

Regarding admin accounts, you could still try to authenticate locally and LDAP, whichever succeeds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tigre-bleu @sadreck