instaclustr / cassandra-ldap

LDAP Authenticator for Apache Cassandra
Apache License 2.0

Group Permissions #48

Open faustobranco opened 5 months ago

faustobranco commented 5 months ago

Is it possible to work with groups? My login is part of a group, as in the example below. The group has permissions, so does any other user in the group inherit the permissions?

cassandra@cqlsh> Select * from system_auth.roles;

 role                                                                             | can_login | is_superuser | member_of | salted_hash
----------------------------------------------------------------------------------+-----------+--------------+-----------+--------------------------------------------------------------
 CN=cassandra-admins,OU=UserSecurityGroups,OU=SecurityGroups,DC=mydomain,DC=local |      True |         True |      null |                                                         null
                                                                        cassandra |      True |         True |      null | $2a$10$p.Skn4WmhbRK84Q1CgJyUuMxh907.4lJEx.OqZiczvbtyruoIzsD.
                            CN=Fausto Branco,OU=UserAccounts,DC=mydomain,DC=local |      True |        False |      null |                                                         null
                                 CN=servicedn,OU=AppAccounts,DC=mydomain,DC=local |      True |         True |      null |                                                         null
Filter: sAMAccountName=fausto.branco
requesting: (memberof=CN=cassandra-admins,OU=UserSecurityGroups,OU=SecurityGroups,DC=mydomain,DC=local)
# extended LDIF
#
# LDAPv3
# base <OU=UserAccounts,DC=mydomain,DC=local> with scope subtree
# filter: sAMAccountName=fausto.branco
# requesting: (memberof=CN=cassandra-admins,OU=UserSecurityGroups,OU=SecurityGroups,DC=mydomain,DC=local)
#

# Fausto Branco, UserAccounts, mydomain.local
dn: CN=Fausto Branco,OU=UserAccounts,DC=mydomain,DC=local

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

What version of Cassandra are you using?

Cassandra 4.0.4

What version of Cassandra LDAP are you using?

LDAP v4.0.7-1.0.0

What did you do?

I created a Role with the group I'm part of

What did you expect to see?

Permissions inherited from the group or login, as I am part of the group
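
Added example, not part of the issue or of the cassandra-ldap project: in the ldapsearch output above, the `(memberof=...)` expression is listed under `requesting:`, that is, as an attribute to return, so the only filter applied is `sAMAccountName=fausto.branco`. The Python below builds a filter that tests both the account name and the group membership, with RFC 4515 escaping; the function names and the two sample entries are constructed for illustration.

```python
# Added example: not from the issue or the cassandra-ldap project.
# DNs are the ones shown in the issue; the two entries are constructed samples.

GROUP_DN = ("CN=cassandra-admins,OU=UserSecurityGroups,"
            "OU=SecurityGroups,DC=mydomain,DC=local")
BASE_DN = "OU=UserAccounts,DC=mydomain,DC=local"


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515): \\ * ( ) NUL -> \\XX."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(account, group_dn):
    """Match only an entry that has this account name AND lists group_dn in memberOf."""
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(account), escape_filter_value(group_dn))


def ldapsearch_args(base, account, group_dn):
    """argv for OpenLDAP ldapsearch (connection/bind options omitted).
    The filter is one argument; anything after it is an attribute to return."""
    return ["ldapsearch", "-b", base, "-s", "sub",
            membership_filter(account, group_dn), "memberOf"]


def is_direct_member(entry, account, group_dn):
    """Apply the same AND test to one entry (dict: attribute -> list of values).
    Case-insensitive string comparison is a simplification of DN matching.
    In Active Directory memberOf lists direct memberships only (no nested groups)."""
    attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
    return (account.lower() in attrs.get("samaccountname", [])
            and group_dn.lower() in attrs.get("memberof", []))


# Constructed sample entries
MEMBER = {"sAMAccountName": ["fausto.branco"], "memberOf": [GROUP_DN]}
NON_MEMBER = {"sAMAccountName": ["fausto.branco"], "memberOf": []}

if __name__ == "__main__":
    print(membership_filter("fausto.branco", GROUP_DN))
    print(is_direct_member(MEMBER, "fausto.branco", GROUP_DN))      # True
    print(is_direct_member(NON_MEMBER, "fausto.branco", GROUP_DN))  # False
```

With this filter, a search that returns no entry means the account is not a direct member of the group, whereas the search shown in the issue returns the entry whether or not it is a member.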


smiklosovic commented 4 months ago

You can set the default role a user will be assigned to with the default_role_membership property, as described in the readme; otherwise I do not understand your question.