Ability to Customize LDAP integration
midN opened this issue · 2 comments
Hey there,
Can you consider modifying LDAP configuration to provide more advanced custom LDAP search filters or options?
The issue is that the given default Spring configuration finds groups by the provided base path with a type of groupOfUniqueNames and looks for uniqueMemberId attributes to match the user.
For example, we don't use a type of groupOfUniqueNames for our groups, so the LDAP configuration won't work.
Can we get it updated to have an option of providing a full path for the LDAP search/filter without looking for groups/users?
A good example would be - https://github.com/yahoo/kafka-manager/blob/f3823469537d577f2b1a32455b5cb32cd826a95c/app/controllers/BasicAuthenticationFilter.scala#L63-L94
It expects you to provide the full search string, and it just checks whether the user was found by the search string you provided and verifies the password. Simple, and it works with all LDAP versions and configuration types.
An example search query would be:
base: dc=MYDC,dc=com
search: (&(objectClass=user)(sAMAccountName=xx)(memberOf=CN=X,OU=Groups,DC=MYDC,DC=com))
Unfortunately my knowledge of LDAP is extremely limited, and not having a direct use case to develop against makes it difficult for me to put together a proper generic solution to this. The solution that currently exists is based on SpringBoot's out of the box support for LDAP authentication.
That said, I'd love to include such functionality, and would encourage any outside contributions to help make the integration more usable/robust.
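
The approach requested in this issue substitutes the login name into a full, operator-supplied search filter, so that value has to be escaped (RFC 4515) before substitution or it can rewrite the filter. The following is an added example, not code from this project or from kafka-manager; the class name, the `{0}` placeholder syntax and the sample logins are assumptions.

```java
import java.nio.charset.StandardCharsets;

/** Added example: expands an operator-supplied LDAP search filter template safely. */
public class LdapFilterTemplate {

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            // NUL, '(', ')', '*', '\' and all non-ASCII bytes become \XX hex escapes.
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Substitute the escaped login name for the {0} placeholder (placeholder syntax is an assumption). */
    static String buildFilter(String template, String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        return template.replace("{0}", escapeFilterValue(username));
    }

    public static void main(String[] args) {
        // Constructed template modelled on the filter quoted in the issue.
        String template = "(&(objectClass=user)(sAMAccountName={0})"
                + "(memberOf=CN=X,OU=Groups,DC=MYDC,DC=com))";
        // Constructed inputs: a normal login, then two that try to alter the filter.
        String[] logins = { "jdoe", "*", "jdoe)(|(objectClass=*" };
        for (String login : logins) {
            System.out.println(login + " -> " + buildFilter(template, login));
        }
    }
}
```

With escaping in place, the wildcard and the injected parentheses stay inside the `sAMAccountName` assertion, so the `memberOf` restriction in the template still applies to whatever entry is matched.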