Open guo3561101 opened 2 years ago
Right now, we do a full match of group names, include CN,OU,DC: https://github.com/StackStorm/st2-auth-ldap/blob/9d8b42d6582e6de5994b8c57945b3cee5b18c188/st2auth_ldap/ldap_backend.py#L178-L185 https://github.com/StackStorm/st2-auth-ldap/blob/9d8b42d6582e6de5994b8c57945b3cee5b18c188/st2auth_ldap/ldap_backend.py#L392-L397
This logic needs to be modified to allow for:
ou=people,dc=example,dc=cn
),
The log tells me that I can log in to LDAP only when required_groups equals actual_groups
The following configuration does not allow login
I have to change group_dns to
"cn=st2users,ou=people,dc=example,dc=cn"
,so that I can log in successfullyCurrently I can only add my LDAP authentication by adding group_dns
I can't find my user information without changing group-pattern
my ldap user dn =
cn=user1,ou=ops,ou=People,dc=example,dc=cn
I can log in successfully only when group_dns equals my user DN