You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is currently no way to configure a DN to BIND when the ldap client is not acting on behalf of a particular user. This requires that the ldap server be configured to allow anonymous users to dump at least the group list, including membership.
As far as I can tell, the springboot convention would configure this with ldap.username and ldap.password. I think this would be set with managerDn(). Despite the name, there is not I think this could be any user with read permission for the necessary parts of the ldap database. (so it need not be an admin account) One perhaps relevant example.
fyi. By looking at the openldap server log, I can see that the sequence of operations is:
BIND with the user provided through http basic auth
UNBIND
SEARCH do a groups search
What I would like to see happen if ldap.username is set
BIND with a DN derived from the username provided through http basic auth
UNBIND
BIND with the "manager" DN
SEARCH do a groups search
The text was updated successfully, but these errors were encountered:
There is currently no way to configure a DN to BIND when the ldap client is not acting on behalf of a particular user. This requires that the ldap server be configured to allow anonymous users to dump at least the group list, including membership.
As far as I can tell, the springboot convention would configure this with
ldap.username
andldap.password
. I think this would be set withmanagerDn()
. Despite the name, there is not I think this could be any user with read permission for the necessary parts of the ldap database. (so it need not be an admin account) One perhaps relevant example.fyi. By looking at the openldap server log, I can see that the sequence of operations is:
What I would like to see happen if
ldap.username
is setThe text was updated successfully, but these errors were encountered: