ldap.admins_group_node does not work

[ifeneg]

How can I automatically assign admins if I have AD integration. security.ldap.admins_group_node does not work. Only the para.admins setting works.

  para.security.ldap.server_url = "ldap://ldap.domain.org:389"
  para.security.ldap.active_directory_domain = "domain.org"
  para.security.ldap.user_search_filter = "userPrincipalName={0}"
  para.security.ldap.base_dn = "DC=DOMAIN,DC=ORG"

  para.security.ldap.admins_group_node = "OU=ExampleOU,OU=ExampleGroups,CN=example_team"

Is it possible?

[albogdano]

There was a small bug that I just fixed which prevented this from working in all cases. If we have a User DN like this: UID=user,OU=ExampleOU,OU=ExampleGroups,CN=Admins and we set scoold.security.ldap.admins_group_node = "CN=Admins" before the fix this would fail. After the fix, that configuration should work as expected and the user would be promoted to admin.

Since this bug is found in the Para code, you will have to wait for the next release of Para and update it. Scoold itself does not handle authentication requests. Also please change configuration properties from para.* to scoold.*. This is the new way of configuring Scoold.

Erudika/para@a48f3df

[ifeneg]

Thanks! para.log

Found DN: CN=User\, Name,OU=Users,OU=Example,DC=Domain,dc=org
'memberOf' attribute values: [CN=scoold_admins,OU=ADMINS,DC=Domain,dc=org, CN=1, CN=2,...,CN=N]

and automatically assign admins works if

scoold.security.ldap.admins_group_node = "OU=Users,OU=Example,DC=Domain,dc=org"

Is it possible to use the memberOf attribute? For example: CN=User\, Name memberOf CN=scoold_admins,OU=ADMINS,DC=Domain,dc=org and

scoold.security.ldap.admins_group_node = "CN=scoold_admins,OU=ADMINS,DC=Domain,dc=org"

[albogdano]

Currently, the group matching is done against the DN string only, but I will see if I can obtain the data from the MemberOf attribute. Didn't think about that until now... thanks!

[ifeneg]

Great, thanks!