search

goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
7.9k stars 609 forks source link

Scriptable property mappings for LDAP outpost #10210

Open WERTBON1789 opened 3 weeks ago

WERTBON1789 commented 3 weeks ago

Is your feature request related to a problem? Please describe. I think it would be a really useful feature to have "scriptable" LDAP properties, much like the scope mappings in OAuth2/OIDC land, so someone doesn't have to hard-code values in the user's attributes, but can generate them on the fly without needing to update them. I think that would also help to bridge the gaps of support like Samba authentication for example.

Describe the solution you'd like The Scope Mappings from OIDC basically 1:1 for LDAP.

Describe alternatives you've considered I think there are some hacks you can do with sssd, but sometimes there just isn't the option to actually change the behavior of the client that much.

rissson commented 2 weeks ago

We probably won't be implementing this anytime soon, as the performance would be appalling

quentinmit commented 1 week ago

Why would the performance be appalling? The LDAP outpost is already doing this mapping; it's just currently using a hardcoded mapping instead of a user-controlled mapping.

rissson commented 1 week ago

Why would the performance be appalling? The LDAP outpost is already doing this mapping; it's just currently using a hardcoded mapping instead of a user-controlled mapping.

That's exactly why it's faster. This is way faster than compiling and running Python.