alan-turing-institute / apricot

An OpenID Connect LDAP proxy
BSD 3-Clause "New" or "Revised" License

Restrict users to those belonging to the selected domain #46

Closed jemrobinson closed 3 months ago

jemrobinson commented 3 months ago

At the moment, all users from the remote directory are added to the LDAP tree under a root DN that corresponds to the Apricot server domain. We should instead only add users who belong to this domain. This mainly affects Microsoft Entra where multiple domains can be combined in a single directory.
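One way to express the filtering this issue asks for, as an added example that is not Apricot's own code. It assumes each remote user is a dict carrying a `userPrincipalName`, that membership of a domain is decided by the part after the `@`, and a hypothetical `CN=<name>,OU=users,<root DN>` layout; all function names and sample records are constructed for illustration.

```python
from typing import Optional

def domain_to_root_dn(domain: str) -> str:
    """'example.com' -> 'DC=example,DC=com'."""
    return ",".join(f"DC={label}" for label in domain.lower().split("."))

def user_domain(user: dict) -> Optional[str]:
    """Lower-cased domain part of the principal name, or None if malformed."""
    upn = user.get("userPrincipalName") or ""
    local, sep, domain = upn.rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower()

def escape_rdn(value: str) -> str:
    """Minimal RFC 4514 escaping so a username cannot alter the DN structure."""
    out = "".join("\\" + c if c in '\\,+"<>;=' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out

def select_users(users: list, server_domain: str) -> list:
    """Return DNs only for users whose domain equals the server domain."""
    wanted = server_domain.lower()
    root_dn = domain_to_root_dn(wanted)
    entries = []
    for user in users:
        # Exact comparison: a suffix test would also admit 'notexample.com'.
        if user_domain(user) != wanted:
            continue
        local = user["userPrincipalName"].rpartition("@")[0]
        entries.append(f"CN={escape_rdn(local)},OU=users,{root_dn}")
    return entries

# Constructed sample of a directory that combines several domains.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com"},
    {"userPrincipalName": "Bob@EXAMPLE.com"},            # case differs only
    {"userPrincipalName": "carol@other.example.org"},    # different domain
    {"userPrincipalName": "dave@notexample.com"},        # look-alike suffix
    {"userPrincipalName": "erin_partner.org#EXT#@contoso.onmicrosoft.com"},
    {"userPrincipalName": None},                         # malformed record
]

if __name__ == "__main__":
    for dn in select_users(SAMPLE_USERS, "example.com"):
        print(dn)
```

The guest-style record shows why the comparison is made on the principal name's own domain: such accounts sit in the same directory but under a different domain, so they stay out of the `example.com` tree.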