plugin-LoginLdap icon indicating copy to clipboard operation
plugin-LoginLdap copied to clipboard

group-based (memberOf) access profile synchronization

Open chicobento opened this issue 8 months ago • 1 comments

Motivation

Current access profile demands changing ldap schema, which is very intrusive and almost impossible to change in bigger companies with stable ldap structures.

Proposal

Proposal is to get user access profile based on memberOf: we should be able to define the view/admin/superuser/write profile via ldap groups, i.e: if user is memberOf "matomo-admins" group then user gets proper admin permission.

chicobento avatar Mar 24 '25 13:03 chicobento

Hi @chicobento . Thank you for taking the time to create this issue. That seems like an interesting proposal. It sounds like we would need to add some new configs to allow mapping specific LDAP memberOf groups to Matomo user roles. I'll add this enhancement idea to our backlog to reviewed and prioritised by our Product team.

snake14 avatar Mar 24 '25 20:03 snake14