Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add include_users as an alternative to skip_users for authorization #488

Open
df-cgdm opened this issue Jun 3, 2020 · 1 comment
Open

add include_users as an alternative to skip_users for authorization #488

df-cgdm opened this issue Jun 3, 2020 · 1 comment
Labels
enhancement New feature or request help wanted Community contributions are especially encouraged for these issues. triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@df-cgdm
Copy link

df-cgdm commented Jun 3, 2020

We're using authentication against several ldap DB and we're using the UPN as the username attribute. So it will be easier to configure the role search to include only the users which have a upn corresponding to the domain rather than adding exceptions with skip_users which can become hard to maintain.

Something like:

authz:
  roles_from_adm_corp:
    description: "Authorize on domain1.corp"
    http_enabled: true
    transport_enabled: false
    authorization_backend:
      type: "ldap"
      config:
        hosts:
        - "ldap.domain1.corp:389"
        bind_dn: "CN=elk,OU=Users,DC=domain1,DC=corp"
        password: "xxxxxx"
        rolebase: "dc=domain1,dc=corp"
        rolesearch: "(member={0})"
        rolename: "cn"
        resolve_nested_roles: true
        include_users:
        - "*@domain1.corp"
@debjanibnrj debjanibnrj added the enhancement New feature or request label Jun 5, 2020
@davidlago davidlago added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Oct 10, 2022
@ghost ghost mentioned this issue Nov 3, 2022
Open
@stephen-crawford
Copy link
Contributor

[Triage] This feature remains relevant. Keeping the issue open for future contributions.

@stephen-crawford stephen-crawford added the help wanted Community contributions are especially encouraged for these issues. label Feb 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Community contributions are especially encouraged for these issues. triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@davidlago @df-cgdm @debjanibnrj @stephen-crawford