LDAP group-search
I have Active Directory authentication via LDAP working properly in the below configuration. I am able to successfully log into cerebro with a username such as `tommygarvin` and the associated Active Directory account's password. `auth.settings.user-template` seems to properly append `mydomain` to the username such as `mydomain\tommygarvin`. This works well.
```
auth = {
  type: ldap
  settings {
    url = "ldap://10.10.10.10"
    base-dn = "OU=AADDC Users,DC=mydomain,DC=org"
    method = simple
    user-template = "mydomain\\%s"
    bind-dn = my_service_account
    bind-pw = my_service_account_password
    group-search {}
  }
}
```
However, I'm having problems with `auth.settings.group-search`. The same `tommygarvin` account that was able to successfully authenticate with the above configuration now receives, "Incorrect username or password".

I was expecting to either:
A) Successfully log in
B) Receive the error shown here https://github.com/lmenezes/cerebro/blob/main/app/controllers/auth/ldap/LDAPAuthService.scala#L53
```
auth = {
  type: ldap
  settings {
    url = "ldap://10.10.10.10"
    base-dn = "OU=AADDC Users,DC=mydomain,DC=org"
    method = simple
    user-template = "mydomain\\%s"
    bind-dn = my_service_account
    bind-pw = my_service_account_password
    group-search {
      user-attr = sAMAccountName
      user-attr-template = %s
      base-dn = "OU=AADDC Users,DC=mydomain,DC=org"
      group = "memberOf=CN=ES Prod Admins,OU=AADDC Users,DC=mydomain,DC=org"
    }
  }
}
```
I've tried a few different approaches with `auth.settings.group-search.user-attr` and `auth.settings.group-search.user-attr-template` but haven't been able to make progress. I also understand that the logs are non-existent according to https://github.com/lmenezes/cerebro/issues/468 . Hopefully I am simply misunderstanding something. I'm working in Azure Kubernetes Service using Helm to deploy 0.9.4 of cerebro.
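
One way to exercise the group-search settings outside cerebro, as an added example that is not part of the original post or of the cerebro project. It assumes the group check is a subtree search under `group-search.base-dn`, bound as `bind-dn`, with a filter that ANDs `user-attr=<templated username>` with the `group` expression; the function names are hypothetical and the values are copied from the configuration above.

```shell
#!/bin/sh
# Added example. Values are copied from the post's group-search configuration.
LDAP_URL="ldap://10.10.10.10"
BIND_DN="my_service_account"
SEARCH_BASE="OU=AADDC Users,DC=mydomain,DC=org"
USER_ATTR="sAMAccountName"
USER_ATTR_TEMPLATE="%s"
GROUP_EXPR="memberOf=CN=ES Prod Admins,OU=AADDC Users,DC=mydomain,DC=org"

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash must be handled first so later escapes are not re-escaped.
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Substitute the first %s in a template ($1) with a value ($2).
apply_template() {
    case "$1" in
        *%s*) printf '%s%s%s' "${1%%%s*}" "$2" "${1#*%s}" ;;
        *)    printf '%s' "$1" ;;
    esac
}

# Assumed filter shape: (&(<user-attr>=<templated username>)(<group>))
build_group_filter() {
    value=$(apply_template "$USER_ATTR_TEMPLATE" "$(ldap_escape "$1")")
    printf '(&(%s=%s)(%s))' "$USER_ATTR" "$value" "$GROUP_EXPR"
}

# Run the search as the service account. -W prompts for the bind password
# so it does not end up in shell history or the process list.
group_search() {
    ldapsearch -x -H "$LDAP_URL" -D "$BIND_DN" -W \
        -b "$SEARCH_BASE" -s sub \
        "$(build_group_filter "$1")" sAMAccountName memberOf
}

# Usage: ./group-check.sh tommygarvin
if [ "$#" -gt 0 ]; then
    echo "filter: $(build_group_filter "$1")" >&2
    group_search "$1"
fi
```

If the search returns no entries for a user who can otherwise bind, the filter or search base does not match that user's entry as the directory stores it.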