bugy / script-server

Web UI for your scripts with execution management

LDAP group for accessing script #528

Closed fnpanic closed 2 years ago

fnpanic commented 2 years ago

Hi,

currently it is only possible to use a group for general access to script server via LDAP.

It would be handy to also limit scripts via groups. If you get the membership of a user at login then this could be matched without excessive queries or is there a reason why it is not in?

bugy commented 2 years ago

Hi, it should also work for script access, the same syntax

fnpanic @.***> wrote on Thu, 24 Feb 2022, 12:13:

Hi,

currently it is only possible to use a group for general access to script server via LDAP.

It would be handy to also limit scripts via groups. If you get the membership of a user at login then this could be matched without excessive queries or is there a reason why it is not in?


muzzol commented 2 years ago

yeah, I'm using groups pulled from LDAP to filter my scripts.

this is my main conf:

{
  "auth": {
    "type": "ldap",
    "url": "ldap://ldap.example.net",
    "username_pattern": "uid=$username,ou=Users,dc=example,dc=global",
    "version": 3
  },
  "access": {
    "allowed_users": [ "fixeduser01", "@rol-system", "@rol-support" , "@rol-telephone" ],
    "admin_users": [ "@rol-system" ]
  },
  "title": "MY Scripts"
}

and on runners I got something like this:

"allowed_users": [ "127.0.0.1", "@rol-system", "@rol-support" ],
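Added example, not part of the thread and not script-server's own code: a small audit that compares the `@group` entries in each runner's `allowed_users` against the server-level list, so a misspelled or stale LDAP group name is caught before it silently changes who can run a script. The runner file names and the `@rol-suport` typo are constructed; treating `*` as a wildcard and a missing `allowed_users` key as "no per-script restriction" are assumptions about script-server's behaviour.

```python
import json

# Constructed sample: the server conf mirrors the one posted above; the runner
# file names and the "@rol-suport" typo are hypothetical.
SERVER_CONF = json.loads("""{
  "auth": {"type": "ldap", "url": "ldap://ldap.example.net"},
  "access": {
    "allowed_users": ["fixeduser01", "@rol-system", "@rol-support", "@rol-telephone"],
    "admin_users": ["@rol-system"]
  }
}""")
RUNNERS = {
    "restart.json": {"allowed_users": ["127.0.0.1", "@rol-system", "@rol-support"]},
    "backup.json": {"allowed_users": ["@rol-system", "@rol-suport"]},
    "report.json": {"allowed_users": ["*"]},
    "cleanup.json": {},
}


def groups(entries):
    """Entries prefixed with '@' name groups, as in the thread's configs."""
    return {e for e in entries if e.startswith("@")}


def audit(server_conf, runners):
    """Return sorted (runner, finding) pairs that deserve a manual review."""
    server_allowed = server_conf.get("access", {}).get("allowed_users", [])
    server_open = "*" in server_allowed
    findings = []
    for name, conf in runners.items():
        allowed = conf.get("allowed_users")
        if allowed is None:
            # Assumption: a runner without the key adds no per-script limit.
            findings.append((name, "no allowed_users key"))
            continue
        if "*" in allowed:
            findings.append((name, "wildcard '*' in allowed_users"))
        if not server_open:
            # A group absent from the server-level list may be a typo or stale.
            for g in sorted(groups(allowed) - groups(server_allowed)):
                findings.append((name, f"group {g} not in server allowed_users"))
    return sorted(findings)


if __name__ == "__main__":
    for runner, finding in audit(SERVER_CONF, RUNNERS):
        print(f"{runner}: {finding}")
```

A finding is a prompt for review, not proof of a misconfiguration: members of a flagged group may still reach the server through another allowed group or a literal user entry.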

fnpanic commented 2 years ago

Awesome! Thanks for pointing this out. Was not clear to me from the docs.