Is it possible to add users into organisations/teams based on ldap group membership?

Banno / getsentry-ldap-auth

A Sentry extension to add an LDAP server as an authention source.

Apache License 2.0

163 stars 53 forks source link

Is it possible to add users into organisations/teams based on ldap group membership? #21

Closed instinct-vfx closed 5 years ago

instinct-vfx commented 7 years ago

As the subject suggests i was wondering if it is possible already to add people to teams based on group memberships.

As a side note is it possible to change the active/admin/superuser flags in a similar fashion?

barronhagerman commented 7 years ago

This could certainly be done. However, determining the groups of which a particular user is a member is more complicated than a simple LDAP query. I don't know of a standard way to query the group membership of a particular user is a member. Targeting Active Directory, it could be done with the LDAP_MATCHING_RULE_IN_CHAIN matching rule, but that applies only to AD.