[LDAP] Select more generic objectclass and attributes to configure realms in ldap #17

Open
clement-dufaure opened this issue Nov 27, 2020 · 2 comments
Labels
bug Something isn't working ldap config Concerns the ldap config provider module P3 When we have time

Comments

@clement-dufaure
Contributor

Avoid using attributes 'inseePropriete' for instance

@micedre micedre added bug Something isn't working ldap config Concerns the ldap config provider module labels Dec 21, 2020
@micedre
Contributor

micedre commented Dec 22, 2020

We could use the info attribute defined in RFC 4524 with a fixed format (key=value).

This attribute could be on an organizationalEntry

This would look like this:

dn: ou=Liens,o=insee,c=fr
objectClass: extensibleObject
objectClass: organizationalUnit
objectClass: top
ou: Liens
description:: TsOpY2Vzc2FpcmUgcG91ciDDqXZpdGVyIGxlcyBtZXNzYWdlcyBkJ2VycmV1ci
 Bzb3VzIE91dGxvb2s=
info: organizationSource=ou=orgs,o=insee,c=fr
info: userSource=ou=users,o=insee,c=fr

Another way would be to have the attribute and separator configurable.
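
The key=value convention from the comment above, as an added Python example that is not part of the issue or the project's code. It reads the sample entry, splits each `info` value on the first separator only (the values are DNs that contain `=` themselves), and takes the attribute and separator as parameters; the function names, the allowed-key list and the rejection rules are assumptions.

```python
import base64

# Constructed sample: the entry shown in the comment above, as LDIF.
SAMPLE_LDIF = """\
dn: ou=Liens,o=insee,c=fr
objectClass: extensibleObject
objectClass: organizationalUnit
objectClass: top
ou: Liens
description:: TsOpY2Vzc2FpcmUgcG91ciDDqXZpdGVyIGxlcyBtZXNzYWdlcyBkJ2VycmV1ci
 Bzb3VzIE91dGxvb2s=
info: organizationSource=ou=orgs,o=insee,c=fr
info: userSource=ou=users,o=insee,c=fr
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]} (hypothetical helper)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # 'attr:: <base64 value>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def realm_settings(entry, attribute="info", separator="=",
                   allowed=("organizationSource", "userSource")):
    """Turn 'key<separator>value' attribute values into a dict."""
    settings = {}
    for value in entry.get(attribute.lower(), []):
        # Split on the FIRST separator only: the value is a DN full of '='.
        key, sep, setting = value.partition(separator)
        if not sep or not setting:
            raise ValueError(f"malformed {attribute} value: {value!r}")
        if key not in allowed:            # assumed policy: unknown keys rejected
            raise ValueError(f"unexpected key: {key!r}")
        if key in settings:               # assumed policy: one value per key
            raise ValueError(f"duplicate key: {key!r}")
        settings[key] = setting
    return settings
```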

@micedre micedre modified the milestone: Next version Mar 10, 2021
@micedre
Contributor

micedre commented Apr 9, 2021

Instead of forcing a schema, we could also add some configuration key to manage this. We would need some configuration for the LdapRealmProvider and the LdapStoreProvider (Reader or Writer).

LdapRealmProvider

Add some configuration in properties with:

  • objectclass to search for Realms and/or UserStorage (and to use when creating realm)
  • attribute mapping (between userSource and ldap config)

LdapStoreProvider

Either one configuration per realm (more flexible) or one configuration for the provider (subtext: in the same sugoi execution we manage all ldap in the same way)

  • map ldap attribute to an entity attribute (we need some special care around properties like username, mail...) (and the format?)
  • decide which objectclass to search for
  • which objectclass to use when creating entities

@CChemin CChemin added the P3 When we have time label Feb 9, 2022