Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Active Directory: filter disabled users, allow nested group membership for AD auth #8222
Active Directory auth. Filter disabled users and allow nested groups.
DO NOT DELETE THIS TEXT
If you would like to test this pull request then please run:
I don't believe so. get_auth_ad_group_filter() is already employed to get the ldap groups used in this filter. It doesn't pull in user membership information. get_auth_ad_user_filter() queries for a specific user, whereas the filter here checks for membership within a group.
There is a config option for an auth_ad_user_filter, which defaults to "(objectclass=user)". We could potentially just update that to filter disabled users, but i'm not sure that gains us anything.