kvspb/nginx-auth-ldap

any examples of using nesting within `require group` ?


Currently, if I specify the LDAP URL like so with the "require valid_user" param, it works.

        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com)(objectClass=person))";
        binddn "....";
        binddn_passwd "....";
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require valid_user;

But if I use the same group with the "require group attribute" like below, I am unable to authenticate.
Is the LDAP rule chain (memberOf:1.2.840.113556.1.4.1941) supported with "require group"? Is that what is missing here?

        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(objectClass=person)";
        binddn "....";
        binddn_passwd "....";
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require group "CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com";

onovy commented

Try this:

        group_attribute "member:1.2.840.113556.1.4.1941:";

which works for me.