AD/LDAP protocol does not assign roles for AD/LDAP groups
adalinesimonian opened this issue · 2 comments
adalinesimonian commented
Steps to replicate:
- Create/obtain a user in AD/LDAP.
- Make that user a member of a group.
- Define a role in Anvil Connect named after the group DN, with LDAP path names upper-cased and no excess whitespace (e.g. `CN=Administrators,OU=Security Groups,DC=example,DC=com`)
- Authenticate as that user.
Expected behaviour:
Roles are assigned to the user based on their AD/LDAP groups.
Actual behaviour:
No roles are assigned to the user.
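The naming convention from the reproduction steps, as an added JavaScript example that is not part of the original issue and is not Anvil Connect's code: it normalizes each group DN (attribute names upper-cased, no excess whitespace) and grants a role only on an exact match with a defined role name. The function names and sample DNs are assumptions constructed for illustration, and attribute values are compared exactly as written.

```javascript
// Hypothetical helpers (added illustration, not Anvil Connect source).
// Split on `sep` unless it is escaped with a backslash (RFC 4514 style).
function splitUnescaped(str, sep) {
  const parts = [];
  let cur = '';
  for (let i = 0; i < str.length; i++) {
    if (str[i] === '\\' && i + 1 < str.length) cur += str[i] + str[++i]; // keep escape pair
    else if (str[i] === sep) { parts.push(cur); cur = ''; }
    else cur += str[i];
  }
  parts.push(cur);
  return parts;
}

// Attribute types upper-cased, no whitespace around "," or "=", values unchanged.
function normalizeGroupDn(dn) {
  return splitUnescaped(dn, ',').map((rdn) => {
    const eq = rdn.indexOf('=');
    const type = rdn.slice(0, Math.max(eq, 0)).trim().toUpperCase();
    if (!type) throw new Error('malformed RDN: ' + rdn);
    // Trim padding, but keep a trailing escaped space ("\ ").
    const value = rdn.slice(eq + 1).replace(/^ +/, '').replace(/(?<!\\) +$/, '');
    return type + '=' + value;
  }).join(',');
}

// Roles are granted only on an exact match with a defined role name.
function rolesForGroups(memberOf, definedRoles) {
  const defined = new Set(definedRoles);
  const granted = new Set();
  for (const dn of memberOf) {
    try {
      const name = normalizeGroupDn(dn);
      if (defined.has(name)) granted.add(name);
    } catch (err) { /* an unparseable DN grants nothing */ }
  }
  return [...granted];
}

// Constructed sample data.
const sampleRoles = ['CN=Administrators,OU=Security Groups,DC=example,DC=com'];
const sampleGroups = [
  'cn=Administrators, ou=Security Groups, dc=example, dc=com',
  'CN=Ops\\, Night Shift,OU=Security Groups,DC=example,DC=com',
];
console.log(rolesForGroups(sampleGroups, sampleRoles));
```

A directory that returns DNs in a different case or spacing than the role name produces no match without this normalization, so the user silently receives no roles.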
adalinesimonian commented
Strongly recommend a release is issued after this issue is fixed, as this issue breaks integration with a moderately significant authentication source.
christiansmith commented
Glad to merge this and release but we need to do a code review first please.