privacyidea-ldap-proxy
:evergreen_tree: LDAP Proxy to intercept LDAP binds and authenticate against privacyIDEA
We have our proxy users in one section in LDAP. We wanted to allow all these proxy users without allowing them one by one. I used fnmatch to make the...
Analogously to [ldap3](http://ldap3.readthedocs.io/servers.html#server-pool), we could implement a server pool for the connection to the LDAP backend. We could then specify multiple backends of which one will be chosen according to...
For a user with a single push token this proxy is working perfectly. But if there are multiple push tokens associated with a given user then I end up getting...
The following LDAP communication channels may employ TLS: * `LDAP ProxyLDAP Backend`: For that, we can use the `LDAPClient.startTLS` method, but we should check to which extent certificates are validated...
Zammad integration is currently a bit tricky: * Zammad does a few things that make the LDAP proxy hiccup, e.g. it seems like it closes the LDAP connection before all...
Make it possible to specify a regex pattern for the passthrough DNs.
Hi, just dumping this here maybe it helps someone. (And yes, I know, there exists a "direct" integration of PrivacyIDEA and Apache HTTPD 2.2. But there are always people who...
Actually, we could perform the realm mapping first, check if the credentials are found in the bind cache (because the bind cache operates on DNs, not privacyIDEA usernames) and only...
As LDAP is largely case-insensitive, we should make sure the proxy is not stricter than LDAP.
Implement a new realm mapping strategy that assigns the realm based on the client IP.