connector/ldap: add multiple user to group mapping

Add an ability to fetch user's membership from
groups of a different type by specifying multiple
group attribute to user attribute value matchers
in the Dex config:

    userMatchers:
    - userAttr: uid
      groupAttr: memberUid
    - userAttr: DN
      groupAttr: member

In other words the user's groups can be fetched now from
ldap structure similar to the following:

    dn: cn=john,ou=People,dc=example,dc=org
    objectClass: person
    objectClass: inetOrgPerson
    sn: doe
    cn: john
    uid: johndoe
    mail: johndoe@example.com
    userpassword: bar

    dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
    objectClass: groupOfNames
    cn: qa
    member: cn=john,ou=People,dc=example,dc=org

    dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
    objectClass: posixGroup
    gidNumber: 1000
    cn: logger
    memberUid: johndoe

Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>
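
The group lookup described in the commit message above, as an added Go example that is not part of the commit or of Dex's own code: it builds one group search filter per matcher and escapes each user value per RFC 4515, so a value taken from the user entry cannot alter the filter. The `UserMatcher` and `Entry` types and the function names are hypothetical, and reading `userAttr: DN` as the entry's own distinguished name is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// UserMatcher mirrors one userMatchers item from the commit message.
type UserMatcher struct{ UserAttr, GroupAttr string }

// Entry is a hypothetical in-memory stand-in for an LDAP entry.
type Entry struct {
	DN    string
	Attrs map[string][]string
}

// values returns attr's values; "DN" is assumed to mean the entry's own DN.
func (e Entry) values(attr string) []string {
	if attr == "DN" {
		return []string{e.DN}
	}
	return e.Attrs[attr]
}

// escapeFilter escapes RFC 4515 special characters so a user-controlled
// value cannot change the structure of the group search filter.
func escapeFilter(v string) string {
	return strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`).Replace(v)
}

// GroupFilters builds one equality filter per matcher and user value.
func GroupFilters(user Entry, matchers []UserMatcher) []string {
	var out []string
	for _, m := range matchers {
		for _, v := range user.values(m.UserAttr) {
			out = append(out, fmt.Sprintf("(%s=%s)", m.GroupAttr, escapeFilter(v)))
		}
	}
	return out
}

// Sample returns the user entry and matchers shown in the commit message.
func Sample() (Entry, []UserMatcher) {
	john := Entry{DN: "cn=john,ou=People,dc=example,dc=org",
		Attrs: map[string][]string{"uid": {"johndoe"}}}
	return john, []UserMatcher{{"uid", "memberUid"}, {"DN", "member"}}
}

func main() {
	user, matchers := Sample()
	for _, f := range GroupFilters(user, matchers) {
		fmt.Println(f)
	}
}
```

For the sample entry the two filters select the `logger` posixGroup and the `qa` groupOfNames respectively.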
Showing
- Documentation/connectors/ldap.md: 34 additions, 11 deletions
- connector/ldap/ldap.go: 55 additions, 40 deletions
- connector/ldap/ldap_test.go: 148 additions, 6 deletions
- examples/config-ad-kubelogin.yaml: 3 additions, 2 deletions
- examples/config-ldap.yaml: 5 additions, 4 deletions