open-vault/builtin/credential
Oren Shomron cd6d114e42 LDAP Auth Backend Overhaul
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matching rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
..
app-id Run appid/cert auth tests always 2016-07-01 14:06:33 -04:00
aws-ec2 Merge branch 'master-oss' into json-use-number 2016-07-15 19:21:55 -04:00
cert Fix panic if no certificates are supplied by client 2016-07-21 10:20:41 -04:00
github Fix up breakage from bumping deps 2016-06-30 14:31:41 -04:00
ldap LDAP Auth Backend Overhaul 2016-07-22 21:20:05 -04:00
userpass Always run userpass acceptance tests 2016-07-01 11:37:38 -04:00