This PR adds the ability for WriteHat to filter authenticated users to a group membership.
Currently, WriteHat can only filter based on a base scope, e.g., ou=OrgUnit,dc=corp,dc=local. Anyone within the OU OrgUnit would be able to authenticate into the WriteHat instance.
This PR would allow to filter authorized users to a group membership within the OU, e.g. CN=SomeGroupName,OU=OrgUnit,dc=corp,dc=local
Details
git diff --name-status github-dev
M writehat/config/writehat.conf # Added functionality to include the filter option, with examples
A writehat/lib/auth.py # Added filter search based on Active Directory using the ldap module for Django
M writehat/settings.py # Directed the ldap module for Django to use the auth.py module for search filtering criteria
Summary
This PR adds the ability for WriteHat to filter authenticated users to a group membership.
Currently, WriteHat can only filter based on a base scope, e.g.,
ou=OrgUnit,dc=corp,dc=local
. Anyone within the OUOrgUnit
would be able to authenticate into the WriteHat instance.This PR would allow to filter authorized users to a group membership within the OU, e.g.
CN=SomeGroupName,OU=OrgUnit,dc=corp,dc=local
Details