Open dirkpetersen opened 1 week ago
Of course, login with username instead of email also works.
LDAP_URL=ldaps://ldap.domain.edu:636
LDAP_USER_SEARCH_BASE=OU=User Accounts,dc=domain,dc=edu
LDAP_BIND_DN=CN=ldapuser,OU=User Accounts,DC=domain,DC=edu
LDAP_BIND_CREDENTIALS=1233456
LDAP_LOGIN_USES_USERNAME=true
LDAP_SEARCH_FILTER=(&(sAMAccountName={{username}})(memberOf=CN=LLM-Chat-Users,OU=Groups,DC=domain,DC=edu))
LDAP_FULL_NAME=displayName
What features would you like to see added?
Many organizations would like to start slowly with giving their users access to LLM and govern access with Active Directory authorization (membership in a security group). Currently one can use LDAP_SEARCH_FILTER as a workaround, however the user gets a confusing error message:
Unable to login with the information provided. Please check your credentials and try again.
This is because the filter prevents the user from being found: { title: '(requireLdapAuth) Error: No user' }
More details
This is my LDAP config:
A super simple solution would be a code change that checks for the string memberOf= in LDAP_SEARCH_FILTER and displays a different error message to the end user, e.g. "You are currently not authorized to login, please contact the Administrator of this application for access".
Which components are impacted by your request?
General
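An added example, not part of the original issue and not LibreChat's code: one way to separate the memberOf= clause from the identity part of LDAP_SEARCH_FILTER and show the "not authorized" message only after the password has been verified, so the distinct message cannot be used to probe which accounts or memberships exist. The function names and the in-memory directory are hypothetical stand-ins for the real LDAP search and bind.

```javascript
// Added example: hypothetical names, constructed data, no real LDAP calls.
const GENERIC = 'Unable to login with the information provided. Please check your credentials and try again.';
const NOT_AUTHORIZED = 'You are currently not authorized to login, please contact the Administrator of this application for access';

// Split a top-level AND filter into the required group DNs and the remaining
// identity filter. Filter values never contain raw parentheses (RFC 4515
// escapes them as \28 and \29), so a clause ends at the first ")".
// Assumes the memberOf clauses are direct children of the AND, as in the
// configuration shown in the issue.
function splitMemberOf(filter) {
  const groups = [];
  if (!filter.startsWith('(&')) return { groups, identityFilter: filter };
  const identityFilter = filter.replace(/\(memberOf=([^()]*)\)/gi, (_, dn) => {
    groups.push(dn.trim().toLowerCase());
    return '';
  });
  return { groups, identityFilter };
}

// Constructed sample directory standing in for Active Directory.
const DIRECTORY = [
  { sAMAccountName: 'alice', password: 'pw-a', memberOf: ['CN=LLM-Chat-Users,OU=Groups,DC=domain,DC=edu'] },
  { sAMAccountName: 'bob', password: 'pw-b', memberOf: [] },
];

function login(filter, username, password) {
  const { groups } = splitMemberOf(filter);
  // Steps 1 and 2: locate the user by identity only, then verify the password.
  // A real deployment would search with identityFilter and bind as the user.
  const user = DIRECTORY.find((u) => u.sAMAccountName === username);
  if (!user || user.password !== password) return { ok: false, message: GENERIC };
  // Step 3: check group membership only for an authenticated user.
  // memberOf lists direct memberships; nested groups are not covered here.
  const held = user.memberOf.map((dn) => dn.toLowerCase());
  const authorized = groups.every((g) => held.includes(g));
  return authorized ? { ok: true, message: '' } : { ok: false, message: NOT_AUTHORIZED };
}
```

A non-member with a wrong password and an unknown username both receive the generic message; only a non-member who authenticates correctly sees the authorization message.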