Closed gaspardpetit closed 6 years ago
Change submited, will require Graylog 2.4 : https://github.com/Graylog2/graylog-plugin-auth-sso/pull/33
We have a similar usecase. We use the SSO authentication plugin and we want to use the LDAP support in Graylog. We want to add a specific group in AD and tie that group to a certain Graylog Role. Our organisation is large and maintaining user/roles will be a big issue for us over time.
Closing this in favour of https://github.com/Graylog2/graylog2-server/issues/3968
Thank you!
I have a use case where I would like to use SSO for authentication but Ldap for roles. I would like to submit two changelists which would (1) expose a public
syncLdapUser(String principal)
method on theLdapUserAuthenticator
class ingraylog2-server
and (2) call this method from the SSO plugin when the user signs-in and Ldap is enabled. Is this change worth submitting?This will require the SSO plugin to receive an instance of the
LdapUserAuthenticator
class and will tightly couple them, but I figured that sinceLdapUserAuthenticator
is built-in into graylog, it might be an acceptable solution.