kafbat / kafka-ui

Open-Source Web UI for managing Apache Kafka clusters
http://ui.docs.kafbat.io
Apache License 2.0

Auth: Support LDAP nested groups #390

Closed RomainDubois closed 6 months ago

RomainDubois commented 6 months ago


Describe the bug (actual behavior)

With LDAP authentication, only direct groups of the connected user are collected to compute user roles.

Expected behavior

Groups should be collected recursively to compute user roles (= groups of groups).

Your installation details

Tested with 2956664 version.

LDAP configuration:

AUTH_TYPE=LDAP
SPRING_LDAP_URLS=ldaps://my.ldap.url
SPRING_LDAP_USER_FILTER_SEARCH_BASE=cn=accounts,dc=my-company
SPRING_LDAP_GROUP_FILTER_SEARCH_BASE=cn=accounts,dc=my-company
SPRING_LDAP_USER_FILTER_SEARCH_FILTER=(&(uid={0})(objectClass=inetOrgPerson))
SPRING_LDAP_BASE=cn={0},dc=my-company
SPRING_CONFIG_ADDITIONAL-LOCATION=/roles/roles.yaml

roles.yaml:

---

rbac:
  roles:

    - name: admin
      clusters:
        - main
      subjects:
        - provider: ldap
          type: group
          value: nestedgroup
      permissions:
        - resource: applicationconfig
          actions: all
        - resource: clusterconfig
          actions: all
        - resource: topic
          value: ".*"
          actions: all
        - resource: consumer
          value: ".*"
          actions: all
        - resource: schema
          value: ".*"
          actions: all
        - resource: connect
          value: ".*"
          actions: all
        - resource: ksql
          actions: all
        - resource: acl
          value: ".*"
          actions: [ view ]

Steps to reproduce

  1. Find or create an LDAP user U which is a member of a group G1, where G1 is a member of another group G2. U should not be a direct member of G2.
  2. Configure Kafka-UI with LDAP authentication
  3. Configure a role on group G2
  4. Log in with user U
  5. Check that the user does not have the role

Screenshots

No response

Logs

No response

Additional context

No response
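How the reported gap plays out, as an added example (not kafka-ui code): a constructed in-memory directory stands in for LDAP, and the user DN, group DNs and the 'member' attribute layout are assumptions. It contrasts direct-only collection with a recursive closure that also survives a membership cycle.

```python
# Added example (not kafka-ui code): direct-only vs. recursive LDAP group
# collection, and how it changes the roles a user gets. The directory is a
# constructed in-memory stand-in; DNs and the 'member' attribute are assumptions.
from collections import deque

USER_DN = "uid=U,cn=accounts,dc=my-company"
G1, NESTED, G3 = (f"cn={n},cn=accounts,dc=my-company" for n in ("G1", "nestedgroup", "G3"))

# Constructed directory: group DN -> DNs in its 'member' attribute.
# U is a direct member of G1 only; G1 is nested in 'nestedgroup';
# 'nestedgroup' and G3 contain each other, so naive recursion would not stop.
GROUPS = {G1: [USER_DN], NESTED: [G1, G3], G3: [NESTED]}

# Subjects as in the roles.yaml from the report (only the fields used here).
ROLES = [{"name": "admin", "subjects": [
    {"provider": "ldap", "type": "group", "value": "nestedgroup"}]}]


def cn_of(dn):
    """Value of the leading cn= RDN of a group DN."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def groups_containing(dn):
    """Groups whose 'member' attribute lists dn (one LDAP search per call)."""
    return {g for g, members in GROUPS.items() if dn in members}


def direct_groups(user_dn):
    """Reported behaviour: only the user's direct groups."""
    return {cn_of(g) for g in groups_containing(user_dn)}


def transitive_groups(user_dn):
    """Expected behaviour: breadth-first closure over nested groups.
    The visited set makes the nestedgroup <-> G3 cycle terminate."""
    visited, queue = set(), deque([user_dn])
    while queue:
        for g in groups_containing(queue.popleft()):
            if g not in visited:
                visited.add(g)
                queue.append(g)
    return {cn_of(g) for g in visited}


def roles_for(user_dn, resolver):
    """Names of roles with an ldap/group subject matching a resolved group."""
    names = resolver(user_dn)
    return {r["name"] for r in ROLES if any(
        s["provider"] == "ldap" and s["type"] == "group" and s["value"] in names
        for s in r["subjects"])}
```

With direct-only resolution U gets no role; with the transitive closure U receives `admin` through G1's membership in `nestedgroup`.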

github-actions[bot] commented 6 months ago

Hi RomainDubois! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues. Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.