nginx-auth-ldap icon indicating copy to clipboard operation
nginx-auth-ldap copied to clipboard

Published 20 hours ago verified publisher icon kvspb

Require a combination of groups

Open bleenders opened this issue 4 years ago • 1 comments

Hey there,

I was wondering if it is possible to authorize based on a combination of 2 groups. Right now it seems to be satisfied when the user is part of one of the groups, I only want to grant them access when they are part of both.

ldap_server test {
    satisfy all;
    url ldap://127.0.0.1:389/OU=accounts,OU=customers,DC=domain,DC=test?cn?sub?(objectClass=inetOrgPerson);
    binddn "cn=admin,dc=domain,dc=test";
    binddn_passwd superSecret;
    group_attribute uniqueMember;
    group_attribute_is_dn on;
    require valid_user;
    require group 'cn=group1,ou=groups,ou=customers,dc=domain,dc=test';
    require group 'cn=group2,ou=groups,ou=customers,dc=domain,dc=test';
}

Is something like that possible out of the box?

bleenders avatar Jun 22 '20 13:06 bleenders

Maybe you can try to add another ldap_server "test1", and add "auth_ldap servers test1" to load this server

zzzzl13 avatar Apr 16 '21 07:04 zzzzl13