Nuovo Problema

Ldap auth with read only bind user #902

Aperto

aperto da pwFoo · 5 commenti

pwFoo ha commentato

Is it possible to use a (read only) ldap bind user instead of anonymous bind?

KitaitiMakoto ha commentato

Proprietario

@trinity-1686a Do you have any idea?

trinity-1686a ha commentato

Proprietario

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password).
If the 5 LDAP_* environment variables don't provide what you need, it's probably not implemented, and I'd welcome any ressource explaining better your request.

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password). If the 5 `LDAP_*` environment variables don't provide what you need, it's probably not implemented, and I'd welcome any ressource explaining better your request.

pwFoo ha commentato

Autore

Hi @trinity-1686a,

I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW:

# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd

https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

Hi @trinity-1686a, I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW: ``` # LDAP user DN. Do not specify this parameter for the anonymous bind #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com # LDAP user password. Do not specify this parameter for the anonymous bind #LDAP_BINDPW=LdapUserPassw0rd ``` https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

trinity-1686a ha commentato

Proprietario

I guess it first bind that user, then bind a 2nd time with the right user? In a few days once I'll have time I'll make a WIP pr, would you be able to test it?

❤️ 1

pwFoo ha commentato

Autore

Yes, I'll test it. I'd like to setup plume with ldap and bind user.
Binddn user is a read only ldap user to authenticate and than check the right user credentials. I use it with search filter to check group membership ("memberof"). Could you try similar config as jitsi? Search filter with binddn should be most flexible?

Yes, I'll test it. I'd like to setup plume with ldap and bind user. Binddn user is a read only ldap user to authenticate and than check the right user credentials. I use it with search filter to check group membership ("memberof"). Could you try similar config as jitsi? Search filter with binddn should be most flexible?

trinity-1686a ha fatto riferimento a questo problema

WIP attempt to do non anonymous ldap connect #908

Effettua l'accesso per partecipare alla conversazione.

Nessuna milestone

Nessuna assegnatario

3 Partecipanti

Notifiche

Data di scadenza

La data di scadenza non è valida o fuori intervallo. Si prega di utilizzare il formato 'aaaa-mm-dd'.

Nessuna data di scadenza impostata.

Dipendenze

Nessuna dipendenza impostata.

Caricamento…

Non ci sono ancora contenuti.

Etichette Traguardi

Ldap auth with read only bind user #902