codechecker icon indicating copy to clipboard operation
codechecker copied to clipboard

Published 20 hours ago verified publisher icon Ericsson

Enable LDAP based group handling with oauth authentication

Open dkrupp opened this issue 6 months ago • 0 comments

#4160 introduces oauth based user authentication

It should be possible to use LDAP based group lookup after successful oauth based authentication. Today, the LDAP based group lookup is configured together with the LDAP based authentication. It would be useful to split the authentication and authorization configuration in the server_config.json

Introduce the following element in teh server_config.json

https://codechecker.readthedocs.io/en/latest/web/authentication/#external-authentication-methods

    "ldap_groups": {
      "enabled" : false,
      "authorities": [
        {
          "connection_url" : "ldap://ldap.example.org",
          "username" : null,
          "password" : null,
          "referrals" : false,
          "deref" : "always",
          "groupBase" : null,
          "groupScope" : "subtree",
          "groupPattern" : "(&(objectClass=group)(member=$USERDN$))",
          "groupNameAttr" : "sAMAccountName"
        }
      ]

If such an element is enabled then after sucessful authentication the group membership should be looked up in these ldap directories too.

With this change, the similar fields in the method_ldap element become redundant and can be removed.

dkrupp avatar Jul 31 '24 12:07 dkrupp