jelix / multiauth-module

Module providing a plugin for jAuth that allows multiple authentication providers
MIT License

ldap - search a user inside an organizational unit or sub organizational unit #10

Open josemvm opened 1 year ago

josemvm commented 1 year ago

hi @laurentj

If a user is not inside the native Users, it's not possible to find and authenticate him.

A user inside an organizational unit or a sub organizational unit:
- DAFAJ - organizational unit - not possible to find
- AJURICA - organizational unit inside organizational unit - not possible to find too

thanks in advance

laurentj commented 1 year ago

Hi,

I guess you should set up searchUserFilter, searchUserBaseDN and bindUserDN correctly. However, I cannot help you because the content of these configuration parameters depends on how groups and users are organized in your LDAP. See https://github.com/jelix/multiauth-module/blob/master/LDAP.md

laurentj commented 1 year ago

I think you should set searchUserBaseDN with a path containing OU=DAFAJ, OU=AJURIDICA (your LDAP manager should give you the full path of AJURIDICA). If you want to search in several groups, it is not possible to indicate several base DNs. A solution (that is better for the security IMHO) is to create a new organizational unit containing only users that have access to your application, and indicate the path of this new organizational unit in searchUserBaseDN.

josemvm commented 1 year ago

To solve the problem, I created several base DNs, like these:

bindUserDN[]="cn=%?%,CN=Users,DC=mydomain,DC=local"
bindUserDN[]="cn=%?%,OU=DAFAJ,DC=mydomain,DC=local"
bindUserDN[]="cn=%?%,OU=AJURIDICA,OU=DAFAJ,DC=mydomain,DC=local"

... ... ... thanks

josemvm commented 11 months ago

hi @laurentj

How can I query a memberOf=CN=Lizmap,OU=Lizmap,DC=mydomain,DC=local?

where group naming attribute = cn and group member attribute = memberOf

thanks in advance

josemvm commented 11 months ago

A solution (that is better for the security IMHO) is to create a new organizational unit containing only users that have access to your application, and indicate the path of this new organizational unit into searchUserBaseDN

OK, now I've a CN=Lizmap,OU=Lizmap,DC=mydomain,DC=local, but inside the container/Organizational Unit (OU) Lizmap I've no users (only the group (CN) Lizmap).

I've only Members inside the group (CN) Lizmap, from other Organizational Units (OU) and from other groups (CN).

So I need to query memberOf=CN=Lizmap,OU=Lizmap,DC=mydomain,DC=local where group naming attribute = cn and group member attribute = memberOf.
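As an added example (not code from this thread or from the multiauth-module project): how a search filter that restricts the lookup to members of the CN=Lizmap group can be composed, with the submitted login escaped per RFC 4515 before it is substituted. It assumes the module replaces the %?% placeholder in searchUserFilter with the login and that memberOf holds full group DNs; neither is confirmed by this thread.

```python
# Added example, not code from the multiauth-module project.
# Assumptions: the module substitutes the submitted login into the "%?%"
# placeholder of searchUserFilter, and memberOf holds full group DNs.
# The group DN and attribute names are the ones quoted in the thread.

GROUP_DN = "CN=Lizmap,OU=Lizmap,DC=mydomain,DC=local"

# RFC 4515 section 3: characters that must be escaped inside a filter value,
# otherwise a login such as "jose (ext)" changes the structure of the filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_member_filter(login: str, group_dn: str = GROUP_DN,
                        naming_attr: str = "cn",
                        member_attr: str = "memberOf") -> str:
    """Match one account by naming attribute AND by membership in group_dn.

    memberOf compares whole DNs, so the full group DN is the assertion value;
    it is escaped as well, in case a DN ever contains parentheses.
    """
    return "(&({}={})({}={}))".format(
        naming_attr, escape_filter_value(login),
        member_attr, escape_filter_value(group_dn))


def search_user_filter_template(group_dn: str = GROUP_DN) -> str:
    """Same filter with the module's %?% placeholder left for substitution."""
    return "(&(cn=%?%)(memberOf={}))".format(escape_filter_value(group_dn))


if __name__ == "__main__":
    print(search_user_filter_template())
    print(build_member_filter("jose"))
    # A login with filter metacharacters stays a literal value:
    print(build_member_filter("jose (ext)"))
```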