Closed netopvh closed 8 years ago
You can use the limitation filter feature:
https://github.com/Adldap2/Adldap2-Laravel#login-limitation-filter
You need to insert a standard LDAP query filter to only allow specific groups of users to authenticate.
For example, to only allow users that are in an administrator OU, use:
'limitation_filter' => '(ou=Administrators)',
I'm not looking for the organizational unit, but the group that the user is included in. I saw that search by mail (mail = *).
Group would be (* = group)?
'limitation_filter' => '(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)',
Hello Steve, sorry that I have so many questions, it is my first application with this package. You can pass an array of groups? i.e. more than one group?
No need to apologize! I'm more than happy to help.
You can pass an array of groups? i.e. more than one group?
Yes you can, you just need to pass the filter with both groups in it with the correct LDAP filter syntax:
(|(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)(memberof=CN=OtherGroup,OU=Users,DC=YourDomain,DC=com))
The above filter would mean that the user needs to be a part of YourGroup OR OtherGroup.
(&(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)(memberof=CN=OtherGroup,OU=Users,DC=YourDomain,DC=com))
The above filter would mean that the user needs to be a part of YourGroup AND OtherGroup.
Steve, any way to allow for nested groups? i.e.
User is a member of group CN=sales,DC=example,DC=com
CN=sales,DC=example,DC=com is a nested group within CN=AppAllowed,DC=example,DC=com
using the filter
(memberof=CN=AppAllowed,DC=example,DC=com)
Having troubles getting this to work.
Thanks
Steve, any way to allow for nested groups?
This may work:
(memberof:1.2.840.113556.1.4.1941:=CN=AppAllowed,DC=example,DC=com)
Please let me know if it does work so I can update the documentation for this use case :)
Steve,
That worked like a champ.
Thanks
@azmiik Great to hear, thanks for following up!
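As an added example (not code from this thread or from Adldap2-Laravel), the OR, AND and nested-group filters discussed above can be generated from a list of group DNs with RFC 4515 escaping, so that a group name containing parentheses or an asterisk cannot change the filter's structure. The function names and the "Sales (EMEA)" DN are constructed for illustration; PHP 7.4+ is assumed.

```php
<?php
// OID of Active Directory's "in chain" matching rule (resolves nested membership).
const IN_CHAIN_OID = '1.2.840.113556.1.4.1941';

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeFilterValue(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// One (memberof=...) clause, optionally using the nested-group matching rule.
function memberOfClause(string $groupDn, bool $nested = false): string
{
    $attr = $nested ? 'memberof:' . IN_CHAIN_OID . ':' : 'memberof';
    return '(' . $attr . '=' . escapeFilterValue($groupDn) . ')';
}

// $mode 'any' => user must be in at least one group (|), 'all' => in every group (&).
function groupLimitationFilter(array $groupDns, string $mode = 'any', bool $nested = false): string
{
    if ($groupDns === []) {
        // Fail closed instead of returning an empty string.
        throw new InvalidArgumentException('At least one group DN is required.');
    }
    if (!in_array($mode, ['any', 'all'], true)) {
        throw new InvalidArgumentException("Mode must be 'any' or 'all'.");
    }
    $clauses = array_map(fn (string $dn) => memberOfClause($dn, $nested), array_values($groupDns));
    if (count($clauses) === 1) {
        return $clauses[0];
    }
    return '(' . ($mode === 'any' ? '|' : '&') . implode('', $clauses) . ')';
}

// Constructed sample input: the second DN contains parentheses that must be escaped.
$groups = [
    'CN=YourGroup,OU=Users,DC=YourDomain,DC=com',
    'CN=Sales (EMEA),OU=Users,DC=YourDomain,DC=com',
];
echo groupLimitationFilter($groups, 'any'), PHP_EOL;
echo groupLimitationFilter(['CN=AppAllowed,DC=example,DC=com'], 'any', true), PHP_EOL;
```

The returned string is what would be assigned to 'limitation_filter' in the configuration.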
Hello Steve, I am new to LDAP. I have 14 departments and 30 branches in my system. How can I make a user group for multi authentication based on the LDAP users?
Perform authentication only for users who belong to a particular group. How could I do that?
Only users who belong to the Administrators group in AD can authenticate.