New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[management-api] [ldap] [roles] Adding roles to users in Gravitee requires a specific design of an organizations LDAP tree #948

Closed
jasama opened this Issue Dec 15, 2017 · 7 comments

Comments

Projects
None yet
3 participants
@jasama

jasama commented Dec 15, 2017

Expected Behavior

When searching for a user to add a role to in the Management API, it should not be required that the object in LDAP is of class person, as this enforces constraints on an organizations LDAP tree.

Current Behavior

When searching for a user to add a role to in the Management API, it is required that the object in LDAP is of class person.

Possible Solution

Make the objectclass filter in the following locations configurable:

Your Environment

  • Version used: API Management, 1.11.4
@brasseld

This comment has been minimized.

Member

brasseld commented Dec 16, 2017

Do you think you can do these changes with our help ?

@jasama

This comment has been minimized.

jasama commented Dec 18, 2017

I'll give it a go 😺

@jasama

This comment has been minimized.

jasama commented Dec 19, 2017

Adapting the identity lookup to an organizations tree is a slippery slope. We'll rather adapt the organizations tree, if necessary.

@jasama jasama closed this Dec 19, 2017

@jasama jasama reopened this Jan 4, 2018

@brasseld

This comment has been minimized.

Member

brasseld commented Jan 4, 2018

Hi @jasama

Why reopening this issue ?

@jasama

This comment has been minimized.

jasama commented Jan 4, 2018

Hi @brasseld

This is a needed feature for me in order to be able to use Gravitee.

If appropriate, the objectclass filter could have been excluded, but that might create problems for other users?

@brasseld

This comment has been minimized.

Member

brasseld commented Jan 4, 2018

Your PR seems good to me, there is no reason to exclude objectclass filter.

I need to test your PR more deeper with existing LDAP, then, your patch will be included into 1.13.x scheduled for the end of the month.

Is it ok for you ?

@jasama

This comment has been minimized.

jasama commented Jan 5, 2018

@brasseld

Yes, it is. We'll manage.

Thanks!

brasseld added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jan 25, 2018

fix(ldap): Add an objectclass configuration property to search for us…
…ers from another objectclass than the default (person).

Closes gravitee-io/issues#948

@brasseld brasseld added this to the 1.13.0 milestone Jan 25, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment