Add ability to restrict LDAP authentication to a security group
I would like to be able to specify LDAP authentication to only do name lookups by a specific group:
Can I restrict by group like this: cn=foremanadmins, ou=Security Groups, dc=MYDOMAIN,dc=CORP
I currently have this enabled with my Subversion setup, so I was hoping I could do it on Foreman as well.
#3 Updated by Karl Vollmer over 9 years ago
I need this for work, so I put $100 down for anyone who will complete this functionality.
#4 Updated by Mikael Fridh over 9 years ago
Just a bit of a pseudo-code version of doing it (untested): https://github.com/frimik/foreman/compare/863-ldap_group_restriction
The actual search method code was tested against Active Directory before I hackishly put this example in the Foreman code, though, as I recently built some Puppet functions to get canonical user and group information from Active Directory with net-ldap.
Perhaps it can inspire someone to clean it up, make it work and add it as a configuration setting?
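
The group restriction requested in this thread, sketched as an added example; it is not Foreman code and not the code from the branch linked above. It assumes Active Directory attribute names (sAMAccountName, memberOf); the method names and the sample entry are hypothetical and constructed for illustration.

```ruby
# Added illustration only. Assumes Active Directory attributes
# sAMAccountName and memberOf; all method names are hypothetical.

# Escape a value before placing it in an LDAP search filter (RFC 4515),
# so a login such as "j*doe" cannot widen or rewrite the filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Normalize a DN for comparison: strip spaces around RDN separators and
# '=', and downcase. Simplified: escaped commas inside values are not handled.
def normalize_dn(dn)
  dn.split(',').map { |rdn|
    attr, val = rdn.split('=', 2)
    "#{attr.strip.downcase}=#{val.to_s.strip.downcase}"
  }.join(',')
end

# Search filter that returns the user entry only when the user is a
# direct member of the group (memberOf does not expand nested groups).
def restricted_user_filter(login, group_dn)
  "(&(sAMAccountName=#{escape_filter_value(login)})" \
    "(memberOf=#{escape_filter_value(group_dn)}))"
end

# Check applied after a successful bind, against the memberOf values
# read from the user's entry. Denies when the attribute is empty.
def member_of_group?(member_of_values, required_group_dn)
  wanted = normalize_dn(required_group_dn)
  member_of_values.any? { |dn| normalize_dn(dn) == wanted }
end

# Group DN as written in the request above (note the uneven spacing).
REQUIRED_GROUP = 'cn=foremanadmins, ou=Security Groups, dc=MYDOMAIN,dc=CORP'

# Constructed sample of memberOf values for one user entry.
SAMPLE_MEMBER_OF = [
  'CN=Domain Users,CN=Users,DC=mydomain,DC=corp',
  'CN=ForemanAdmins,OU=Security Groups,DC=mydomain,DC=corp'
].freeze

if __FILE__ == $PROGRAM_NAME
  puts restricted_user_filter('jdoe', normalize_dn(REQUIRED_GROUP))
  puts member_of_group?(SAMPLE_MEMBER_OF, REQUIRED_GROUP)
end
```

A plain string comparison between the configured DN and a memberOf value would reject a legitimate member here, because the two differ in case and in spacing after the commas.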