bigbluebutton / greenlight

A really simple end-user interface for your BigBlueButton server.
GNU Lesser General Public License v3.0

[Question] Share Room Access can't search user from LDAP #5662

Closed tzengshinfu closed 9 months ago

tzengshinfu commented 9 months ago

Hello, folks:

We are using bbb-install.sh v2.7 to install BBB+GreenLight v3+KeyCloak v20. In KeyCloak, we have configured User Federation to synchronize user accounts from Microsoft LDAP.

During usage, we have observed that Share Room Access can only search in the [Full Name] field.

Unfortunately, we log into KeyCloak using either the [Username] (which corresponds to our personal ID and is sourced from the LDAP [sAMAccountName] field) or [Email], and GreenLight's [Full Name] field contains a combination of KeyCloak's [First name] and [Last name]. (In the format "[First name]<a space>[Last name]", which is not preferable for our Chinese users who typically search in the format "[Last name][First name]".)

Is there a way to modify the KeyCloak mapping to GreenLight so that the [Full name] content becomes "[external_id]-[Last name][First name]"? Alternatively, could the search criteria be expanded to include searching for [external_id] and [Email]?

farhatahmad commented 9 months ago

I don't have much experience when it comes to field mapping in Keycloak so I wouldn't be able to help there. We could expand the Shared Access search to search the email field as well. Would that help you?

tzengshinfu commented 9 months ago

> I don't have much experience when it comes to field mapping in Keycloak so I wouldn't be able to help there. We could expand the Shared Access search to search the email field as well. Would that help you?

Hello, farhatahmad:

Thank you for your response. I believe "expanding the Shared Access search to include the email field" would be beneficial. The email field is present in the BigBlueButton profile and may also serve as the user's login account. LDAP is only used in specific environments, so please disregard the [external_id] field (i.e., personal ID).

Additionally, our current solution involves populating the [displayName] field in the source LDAP with [external_id]-[Last name][First name]. Then, we map KeyCloak's [First name] source to LDAP's [displayName] and remove the mapping for KeyCloak's [Last name]. This way, the BigBlueButton [name] field will be [external_id]-[Last name][First name].