hansohn
commented
5 years ago Hello @tkang007,
If the 'application service id' you are referencing is the service account used to bind to ldap in order to search for users and groups, c.LDAPAuthenticator.bind_user_dn can be set to any user dn in your directory and is not impacted by c.LDAPAuthenticator.user_search_base.
If you want to include both OU's referenced above as possible paths for users to be a member of and authenticate against, you would have to set c.LDAPAuthenticator.user_search_base = 'DC=example,DC=com'. You may be able to restrict the objects you return with a modified c.LDAPAuthenticator.user_search_filter but as far as search_base goes, its a single entry.
I use ldap3 for all ldap operations. You may be able to find more info regrading how it implements searches in their search operations docs.
Cheers!
Hi,
Is there any way to auth from multiple OU ?
One OU for application service id, other is user id.
ex) c.LDAPAuthenticator.user_search_base = 'OU=Users,DC=example,DC=com' and c.LDAPAuthenticator.user_search_base = 'OU=ApplicationIDs,DC=example,DC=com'
Thanks in advance for any response.