새로운 이슈

Ldap auth with read only bind user #902

오픈

pwFoo가 을 오픈 · 5개의 코멘트

pwFoo 코멘트됨,

Is it possible to use a (read only) ldap bind user instead of anonymous bind?

KitaitiMakoto 코멘트됨,

소유자

@trinity-1686a Do you have any idea?

trinity-1686a 코멘트됨,

소유자

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password).
If the 5 LDAP_* environment variables don't provide what you need, it's probably not implemented, and I'd welcome any ressource explaining better your request.

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password). If the 5 `LDAP_*` environment variables don't provide what you need, it's probably not implemented, and I'd welcome any ressource explaining better your request.

pwFoo 코멘트됨,

포스터

Hi @trinity-1686a,

I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW:

# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd

https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

Hi @trinity-1686a, I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW: ``` # LDAP user DN. Do not specify this parameter for the anonymous bind #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com # LDAP user password. Do not specify this parameter for the anonymous bind #LDAP_BINDPW=LdapUserPassw0rd ``` https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

trinity-1686a 코멘트됨,

소유자

I guess it first bind that user, then bind a 2nd time with the right user? In a few days once I'll have time I'll make a WIP pr, would you be able to test it?

❤️ 1

pwFoo 코멘트됨,

포스터

Yes, I'll test it. I'd like to setup plume with ldap and bind user.
Binddn user is a read only ldap user to authenticate and than check the right user credentials. I use it with search filter to check group membership ("memberof"). Could you try similar config as jitsi? Search filter with binddn should be most flexible?

Yes, I'll test it. I'd like to setup plume with ldap and bind user. Binddn user is a read only ldap user to authenticate and than check the right user credentials. I use it with search filter to check group membership ("memberof"). Could you try similar config as jitsi? Search filter with binddn should be most flexible?

trinity-1686a referenced this issue

WIP attempt to do non anonymous ldap connect #908

로그인하여 이 대화에 참여

마일스톤 없음

담당자 없음

참여자 3명

알림

마감일

기한이 올바르지 않거나 범위를 벗어났습니다. 'yyyy-mm-dd'형식을 사용해주십시오.

마감일이 설정되지 않았습니다.

의존성

No dependencies set.

불러오는 중...

아직 콘텐츠가 없습니다.

레이블 마일스톤

Ldap auth with read only bind user #902