Ldap auth with read only bind user #902

Создать задачу

Открыто

открыта 2021-02-15 13:40:59 +00:00 pwFoo · 5 комментариев

pwFoo оставлен комментарий

2021-02-15 13:40:59 +00:00

Is it possible to use a (read only) ldap bind user instead of anonymous bind?

KitaitiMakoto оставлен комментарий

2021-02-15 15:01:52 +00:00

Владелец

@trinity-1686a Do you have any idea?

trinity-1686a оставлен комментарий

2021-02-15 18:53:32 +00:00

Владелец

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password).
If the 5 LDAP_* environment variables don't provide what you need, it's probably not implemented, and I'd welcome any ressource explaining better your request.

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password). If the 5 `LDAP_*` environment variables don't provide what you need, it's probably not implemented, and I'd welcome any ressource explaining better your request.

pwFoo оставлен комментарий

2021-02-15 19:20:46 +00:00

Автор

Hi @trinity-1686a,

I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW:

# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd

https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

Hi @trinity-1686a, I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW: ``` # LDAP user DN. Do not specify this parameter for the anonymous bind #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com # LDAP user password. Do not specify this parameter for the anonymous bind #LDAP_BINDPW=LdapUserPassw0rd ``` https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

trinity-1686a оставлен комментарий

2021-02-15 21:32:27 +00:00

Владелец

I guess it first bind that user, then bind a 2nd time with the right user? In a few days once I'll have time I'll make a WIP pr, would you be able to test it?

❤️ 1

pwFoo оставлен комментарий

2021-02-15 21:56:01 +00:00

Автор

Yes, I'll test it. I'd like to setup plume with ldap and bind user.
Binddn user is a read only ldap user to authenticate and than check the right user credentials. I use it with search filter to check group membership ("memberof"). Could you try similar config as jitsi? Search filter with binddn should be most flexible?

Yes, I'll test it. I'd like to setup plume with ldap and bind user. Binddn user is a read only ldap user to authenticate and than check the right user credentials. I use it with search filter to check group membership ("memberof"). Could you try similar config as jitsi? Search filter with binddn should be most flexible?