Ldap auth with read only bind user #902

Open
opened 3 years ago by pwFoo · 5 comments
pwFoo commented 3 years ago

Is it possible to use a (read only) ldap bind user instead of anonymous bind?

KitaitiMakoto commented 3 years ago
Owner

@trinity-1686a Do you have any idea?

trinity-1686a commented 3 years ago
Owner

I'm not sure what you mean, I'm not very familiar with ldap (despite implementing support in Plume), from what the internet seems to say, an anonymous bind is a bind with empty DN/password, which Plume is not doing (DN is computed from config and username, password is, well the user password).
If the 5 `LDAP_*` environment variables don't provide what you need, it's probably not implemented, and I'd welcome any resource better explaining your request.

pwFoo commented 3 years ago
Author

Hi @trinity-1686a,

I'm also not familiar with ldap. I configured Jitsi with ldap and a bind user. Take a look at jitsi ldap configuration and LDAP_BINDDN / LDAP_BINDPW:

```
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com

# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
```

https://github.com/jitsi/docker-jitsi-meet/blob/master/env.example#L161

trinity-1686a commented 3 years ago
Owner

I guess it first binds that user, then binds a 2nd time with the right user? In a few days, once I have time, I'll make a WIP PR. Would you be able to test it?

pwFoo commented 3 years ago
Author

Yes, I'll test it. I'd like to set up Plume with LDAP and a bind user.
The binddn user is a read-only LDAP user used to authenticate and then check the right user's credentials. I use it with a search filter to check group membership ("memberof"). Could you try a similar config to Jitsi's? A search filter with binddn should be the most flexible?

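The bind, search, then re-bind flow discussed in this thread, as an added Rust example that is not Plume's or Jitsi's code: `Directory`, `MemDir`, `authenticate` and every DN and password are constructed stand-ins for a real LDAP client and server. It escapes the username per RFC 4515 before placing it in the `memberOf` search filter, and refuses empty passwords, which some servers would accept as an unauthenticated bind.

```rust
// Added example: all names, DNs and passwords are constructed, not Plume code.
trait Directory {
    fn bind(&self, dn: &str, password: &str) -> bool;
    fn search(&self, filter: &str) -> Vec<String>; // DNs of matching entries
}

// Escape a value for an LDAP search filter (RFC 4515) so input stays a literal.
fn escape_filter(value: &str) -> String {
    value.chars().map(|c| match c {
        '*' | '(' | ')' | '\\' | '\0' => format!("\\{:02x}", c as u32),
        _ => c.to_string(),
    }).collect()
}

// Filter for "this uid AND member of this group".
fn user_filter(uid: &str, group_dn: &str) -> String {
    format!("(&(uid={})(memberOf={}))", escape_filter(uid), escape_filter(group_dn))
}

fn authenticate(dir: &dyn Directory, svc: (&str, &str), group: &str, uid: &str, pw: &str) -> bool {
    // An empty password would turn step 3 into an unauthenticated bind (RFC 4513).
    if uid.is_empty() || pw.is_empty() { return false; }
    // 1. Bind as the read-only service account.
    if !dir.bind(svc.0, svc.1) { return false; }
    // 2. Look up the user's DN; require exactly one match.
    let hits = dir.search(&user_filter(uid, group));
    if hits.len() != 1 { return false; }
    // 3. Bind again as that DN with the password the user supplied.
    dir.bind(&hits[0], pw)
}

// Constructed in-memory directory: (uid, dn, password, memberOf).
struct MemDir(Vec<(&'static str, &'static str, &'static str, &'static str)>);
impl Directory for MemDir {
    fn bind(&self, dn: &str, password: &str) -> bool {
        // Mimics a lax server that accepts an empty password for a known DN.
        self.0.iter().any(|e| e.1 == dn && (password.is_empty() || e.2 == password))
    }
    fn search(&self, filter: &str) -> Vec<String> {
        self.0.iter().filter(|e| user_filter(e.0, e.3) == filter).map(|e| e.1.to_string()).collect()
    }
}

fn sample() -> MemDir {
    MemDir(vec![
        ("binduser", "cn=binduser,ou=svc,dc=example,dc=com", "svc-pw", "cn=svc,dc=example,dc=com"),
        ("alice", "uid=alice,ou=users,dc=example,dc=com", "alice-pw", "cn=blog,dc=example,dc=com"),
        ("bob", "uid=bob,ou=users,dc=example,dc=com", "bob-pw", "cn=other,dc=example,dc=com"),
    ])
}
```

With the sample directory, `alice` authenticates only with her own password; `bob` (wrong group), an empty password, and a username of `*` are all rejected.
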

Reference: Plume/Plume#902