New simplified LDAP auth driver #9854
Not sure I fully understand all your issues, but I believe points 1 and 2 are addressed here, where the search scope can be defined: #9529
Point 3: user info is selected using a user's full DN including CN, so we get attributes specific to the authenticating user. I don't see the problem here?
Point 4: the
Point 5: kinda defies the point of LDAP IMO. Currently an LDAP user cannot authenticate with a default Directus account, and vice versa. This is intentional to offload user management to AD.
Point 6: also feels unnecessary. Currently the LDAP flow will find all groups belonging to a user and match the group name to an existing role in Directus. So if a user belongs to "Directus-Admin" in AD they will get a "Directus-Admin" role in Directus (if it exists). Otherwise the user is created with no role.
It feels like most of your issues will be solved by the linked PR?
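The group-to-role matching described in the reply above, as an added example that is not part of the thread and not Directus's own code. The function names, the `{ id, name }` role shape, the case-insensitive comparison and the choice to return no role when more than one role matches are assumptions made for the illustration.

```javascript
// Added illustration; not Directus source. Function and field names are hypothetical.

// Return the CN value of the leftmost RDN of a group DN, or null if that
// RDN is not a CN. Backslash escapes (RFC 4514) are honoured so an escaped
// comma does not end the RDN; hex pairs are decoded for ASCII only.
function groupNameFromDn(dn) {
  let rdn = '';
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === '\\' && i + 1 < dn.length) {
      rdn += dn[i] + dn[i + 1]; // keep the escape pair intact for now
      i++;
    } else if (dn[i] === ',') {
      break; // unescaped comma: end of the leftmost RDN
    } else {
      rdn += dn[i];
    }
  }
  const eq = rdn.indexOf('=');
  if (eq < 0 || rdn.slice(0, eq).trim().toLowerCase() !== 'cn') return null;
  return rdn
    .slice(eq + 1)
    .trim()
    .replace(/\\([0-9a-fA-F]{2}|.)/g, (_, c) =>
      c.length === 2 ? String.fromCharCode(parseInt(c, 16)) : c);
}

// Match group names to existing roles. Returns the role id only when exactly
// one role matches; otherwise null (no role), which is the fail-closed default.
function resolveRole(groupDns, roles) {
  const byName = new Map(roles.map((r) => [r.name.toLowerCase(), r.id]));
  const matched = new Set();
  for (const dn of groupDns) {
    const name = groupNameFromDn(dn);
    if (name !== null && byName.has(name.toLowerCase())) {
      matched.add(byName.get(name.toLowerCase()));
    }
  }
  return matched.size === 1 ? [...matched][0] : null;
}

// Constructed sample data.
const roles = [{ id: 'r-admin', name: 'Directus-Admin' }, { id: 'r-edit', name: 'Directus-Editor' }];
const groups = [
  'CN=Directus-Admin,OU=Groups,DC=example,DC=com',
  'CN=VPN\\, EU,OU=Groups,DC=example,DC=com',
];
console.log(resolveRole(groups, roles)); // r-admin
```

Taking only the leftmost RDN means a group such as `OU=Staff,CN=Directus-Admin,...` does not count as membership of "Directus-Admin", which a substring or unanchored pattern match on the DN would get wrong.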
Heya! Thank you for taking the time to submit this request! It has been over 90 days, and this discussion has not received at least 15 votes from the community. This means that we don't feel like there's enough community interest to warrant further R&D into this topic at this time. 🧊
This request will now be closed to keep our discussions tidy. Please reach out if you have any questions! For more information, see our Feature Request Process.
Hello,
First, I would like to thank you for the amazing project. We use Directus for various internal projects and it really speeds up development and mitigates a lot of headaches.
With the release of v9.0.0 a new LDAP auth was introduced, which is a great addition, but its internal flow, as I see it, is not suitable for organizations with a complicated/messy LDAP structure. Below I will try to explain it in detail and propose a pull request.
Why:
Proposed solution
Create a new type of auth driver (ldap-simple, for example) or extend the existing one, which has the following differences in comparison to the standard LDAP auth driver:
I have drafted the proposed changes as a new separate auth driver and can make a pull request to show it. Ready to provide additional details and considerations.