LDAP User advanced search query

timothy.sing · January 4, 2022, 1:36pm

Hi All,

I have a question… Hopefully its an easy one to anwser.

I have setup my env to use LDAP authentication. However i would like to further filter to not allow all ldap users to login but enforce that the user exists and belong to at least one listed security group…

            hosts:
              - myldap.blah:636
            bind_dn: "CN=......com"
            password: "*********"
            userbase: "OU=Users,*****,DC=com"
            **usersearch: '(SAMACCOUNTNAME={0})'**
            username_attribute: "SAMACCOUNTNAME"

With the highlight text above… How to i do an advanced filter where samaccountname={0} and member of sec group before allowing login?

regards,

Tim

PS. Sorry newbie! if this is a silly question.

Anthony · January 4, 2022, 1:49pm

@timothy.sing If I understand you question correctly it is not possible as of yet.
Any user that successfully authenticates via LDAP will have access to Opensearch, but no roles will be provided, therefore no privileges to read/write.
There is already a ticket for this here
Perhaps bumping this ticket up with a comment might be a good idea

Topic		Replies	Views
LDAP auth query with Filters Security troubleshoot , configure	2	284	August 17, 2023
Authentication via LDAP, only allow certain security groups Security	4	963	February 16, 2023
Role template - LDAP results Security	2	535	May 24, 2021
LDAP Authz for Group Membership Security	1	438	December 26, 2021
LDAP bind to AD error Security	2	535	May 10, 2021

LDAP User advanced search query

Related Topics