Project

General

Profile

Feature #863

add ability to restrict ldap authentication to a security group

Added by Corey Osman almost 12 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
1.3.0
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

I would like to be able to specify ldap authentication to only do name lookups by a specific group:

example:

can I restrict by group like this : cn=foremanadmins, ou=Security Groups, dc=MYDOMAIN,dc=CORP

I currently have this enabled with my subversion setup so I was hoping I could do it on foreman as well.

Related issues

Related to Foreman - Feature #813: Support AD group membership for authorization and authenticationClosed2011-03-31

Associated revisions

Revision 4e4671ce (diff)
Added by Nils Domrose over 9 years ago

fixes #863 - added ldap_filter to LDAP auth sources to filter lookups using RFC 2254 filters

History

#1 Updated by Benjamin Papillon over 11 years ago

And also important, affect role based on LDAP group.
If it's possible to create a LDAP Group type,(auto create user option enabled) then when the user from a group connect for the first time, the good role is automatically assigned.

#2 Updated by monte olvera over 11 years ago

I would also like to have ldap auth restricted to members of an ldap group.

#3 Updated by Karl Vollmer about 10 years ago

I need this for work, so I put $100 down for anyone who will complete this functionality.

https://www.bountysource.com/#issues/116703-add-ability-to-restrict-ldap-authentication-to-a-security-group

#4 Updated by Mikael Fridh almost 10 years ago

just a bit of a pseudo-code version of doing it (untested): https://github.com/frimik/foreman/compare/863-ldap_group_restriction

The actual search method code was tested against Active Directory before I hackishly put this example in the Foreman code though as I recently built some puppet functions to get canonical user and group information from Active Directory with net-ldap.

Perhaps it can inspire someone to clean it up, make it work and add it as a configuration setting?

#6 Updated by Dominic Cleal over 9 years ago

  • Description updated (diff)
  • Category set to Authentication
  • Status changed from New to Ready For Testing

#7 Updated by Dominic Cleal over 9 years ago

  • Target version set to 1.3.0

#8 Updated by Anonymous over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF