CMAK

Multiple search-base-dn entries

Open bitchkat opened this issue 2 years ago • 2 comments

Our ldap config is a bit weird and our users are in two distinct base trees. Would it be possible to specify multiple search-base-dn entries to avoid having the entire ldap hierarchy (which is a performance problem) scanned?

bitchkat avatar Sep 21 '22 15:09 bitchkat

Also, it looks like when ldap is enabled that the basic auth username is disabled so we can't use that as fallback for the handful of users in the second base tree.

bitchkat avatar Sep 21 '22 16:09 bitchkat

Hi,

I'm not sure if that is what you needed but for us this works:

We are using something like the following as the basicAuthentication.ldap.search-filter in the application.conf:

(&(objectClass=user)(sAMAccountName=$capturedLogin$)(|(memberof=CN=DevGroup,OU=Roles,OU=Groups,OU=MYORG,DC=MYCOMPANY,DC=COUNTRY)(memberof=CN=OpsGroup,OU=Roles,OU=Groups,OU=MYORG,DC=MYCOMPANY,DC=COUNTRY)))

kringalf avatar Dec 20 '22 15:12 kringalf
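
The filter from the comment above, assembled for a given login, as an added example (Python, not CMAK's own code and not part of the thread). It assumes `$capturedLogin$` is filled by plain string substitution and escapes the login per RFC 4515; the page does not say whether CMAK escapes it, and all function names are hypothetical.

```python
# Added example, not CMAK code. Group DNs are the ones quoted in the comment above.
GROUP_DNS = [
    "CN=DevGroup,OU=Roles,OU=Groups,OU=MYORG,DC=MYCOMPANY,DC=COUNTRY",
    "CN=OpsGroup,OU=Roles,OU=Groups,OU=MYORG,DC=MYCOMPANY,DC=COUNTRY",
]

# RFC 4515: these characters must appear as \XX (hex) inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string so it stays a literal inside one filter clause."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_filter_template(group_dns):
    """Build the template: user object, matching login, member of any listed group."""
    members = "".join(f"(memberof={escape_filter_value(dn)})" for dn in group_dns)
    return f"(&(objectClass=user)(sAMAccountName=$capturedLogin$)(|{members}))"


def build_search_filter(template, login):
    """Assumption: the placeholder is filled by plain substitution; escape first."""
    return template.replace("$capturedLogin$", escape_filter_value(login))


def top_level_clauses(flt):
    """Count direct children of the outer (&...); raises if parentheses are unbalanced."""
    depth = count = i = 0
    while i < len(flt):
        ch = flt[i]
        if ch == "\\":      # skip an escaped \XX triplet
            i += 3
            continue
        if ch == "(":
            depth += 1
            count += depth == 2
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced filter")
        i += 1
    if depth != 0:
        raise ValueError("unbalanced filter")
    return count


if __name__ == "__main__":
    template = group_filter_template(GROUP_DNS)
    for login in ("jdoe", "x)(cn=*"):  # constructed sample logins
        flt = build_search_filter(template, login)
        print(top_level_clauses(flt), flt)
```

Both sample logins yield a filter with the same three top-level clauses, so the group restriction still applies whatever characters the login contains.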