vmware-tanzu-labs/cf-mgmt

ldap group attribute lookup

drewilgenfritz1 opened this issue · 2 comments

I am implementing cf-mgmt using LDAP with SAML. My dilemma is that my customer passes the SamAccountName as the userid. That is no big deal if I am assigning users individually. However, I am using LDAP for group lookup, and it seems my only two options to choose from are email or cn (if useidforsamluser is true). Is there a way to change the attribute that is handed to CF as the username when doing a group search in LDAP? I'm hoping this is already a feature and I just am not understanding it fully.

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

This should be supported, following the "SAML with leveraging LDAP Groups for membership" configuration example.

That being said, if you want additional guidance on how to configure this with cf-mgmt, provide samples of what your LDAP group and user entries look like and how you have SAML configured in Cloud Foundry, and I can guide you through how to configure this.

Also, while experimenting with the configuration, you can use the cf-mgmt CLI and run the update-space-users command with the --peek flag to see if the users being added map to what you expect, before running this via Concourse with the configuration you are testing committed/pushed to git.
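An added illustration (not cf-mgmt's own code, and separate from the thread above) of why the attribute choice matters: when a group's members are resolved from LDAP, the value handed to Cloud Foundry as the username is whatever attribute is read, so it must equal what the SAML IdP sends (here the sAMAccountName). All directory entries, the `peek()` helper and the attribute names are constructed for this example; `peek()` only mimics locally the kind of dry-run comparison the --peek flag is used for.

```python
# Added illustration, not cf-mgmt's own code: models how the username handed to
# Cloud Foundry depends on which LDAP user attribute is read when a group's
# members are resolved. All directory entries below are constructed sample data.

# Constructed sample user entries keyed by DN (not a real directory).
USERS = {
    "CN=Jane Doe,OU=Users,DC=example,DC=com": {
        "cn": "Jane Doe",
        "mail": "jane.doe@example.com",
        "sAMAccountName": "jdoe",
    },
    "CN=Ann Smith,OU=Users,DC=example,DC=com": {
        "cn": "Ann Smith",
        "mail": "ann.smith@example.com",
        "sAMAccountName": "asmith",
    },
    # Service account with no mail attribute: shows the missing-value case.
    "CN=svc-deploy,OU=Service,DC=example,DC=com": {
        "cn": "svc-deploy",
        "sAMAccountName": "svc-deploy",
    },
}

# Constructed group whose "member" values are the DNs above.
GROUPS = {
    "CN=cf-dev,OU=Groups,DC=example,DC=com": {
        "member": list(USERS),
    },
}


def resolve_group_members(group_dn, username_attribute, users=USERS, groups=GROUPS):
    """Return (usernames, missing): the usernames CF would receive for every
    member of group_dn when read from username_attribute, plus the DNs of
    members whose entry lacks that attribute (a blank username is never emitted)."""
    usernames, missing = [], []
    for member_dn in groups[group_dn]["member"]:
        value = users.get(member_dn, {}).get(username_attribute)
        if value:
            usernames.append(value)
        else:
            missing.append(member_dn)
    return usernames, missing


def peek(expected_saml_ids, usernames):
    """Dry-run style comparison (hypothetical helper): which resolved names match
    the identities the SAML IdP actually sends, and which would never log in."""
    expected = set(expected_saml_ids)
    matched = [u for u in usernames if u in expected]
    unmatched = [u for u in usernames if u not in expected]
    return matched, unmatched
```

Reading the group with "mail" when the IdP sends sAMAccountName yields usernames that match nobody, which is exactly the mismatch a dry run should surface before the configuration is committed.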