Be able to configure multiple service accounts for different purposes - Githubissues

privacyidea / privacyidea-ldap-proxy

:evergreen_tree: LDAP Proxy to intercept LDAP binds and authenticate against privacyIDEA

GNU Affero General Public License v3.0

19 stars 12 forks source link

Be able to configure multiple service accounts for different purposes #18

Open fredreichbier opened 7 years ago

fredreichbier commented 7 years ago

Right now, we use the service account specified in [service-account] for two purposes:

If bind-service-account is set to true, a bind request that was authenticated successfully against privacyIDEA will result in a bind request using the service account credentials against the LDAP backend. This makes it possible to perform searches (if allow-searches is also true).
The lookup user mapping strategy uses the service account credentials to look up usernames.

Maybe we should make it possible to use different service account credentials here?

cornelinux commented 7 years ago

If there are different applications connected to the LDAP proxy, this exspecially seems to make sense...