[SERVER-36117] LDAP Authorization add support for posixGroup schema (RFC2307) Created: 13/Jul/18 Updated: 29/Oct/23 Resolved: 29/Jan/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.1.8 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Emilio Scalise | Assignee: | Jonathan Reams |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2018-12-17, Security 2019-01-14, Security 2019-01-28, Security 2019-02-11 |
| Description |
|
When LDAP authentication and authorization are enabled in the Server, there is a variable {USER} that can be used in the security.ldap.authz.queryTemplate configuration option. That variable will contain the DN of the user after the security.ldap.userToDNMapping expression is processed.
Please add another variable, such as {0}, that allows the use of the non-mapped username (the username passed to the client). This will be useful for LDAP environments where the posixGroup schema is used (RFC2307) and the member field contains the user uid instead of the full DN.
Example posixGroup element:
Possible configuration settings for MongoDB once the {0} variable is available:
If the username is "bob":
|
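The difference between the two placeholders, as an added Python sketch (not MongoDB code and not part of the reporter's description): it expands a `base?attrs?scope?filter` query template with `{USER}` (the mapped DN) and `{0}` (the name as typed, the placeholder name this issue proposes), escaping values placed in the filter per RFC 4515. The function names, the `dc=example,dc=com` entries and the escaping step are assumptions of this sketch, not a statement of what the server does.

```python
import re

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 filter metacharacters so the value stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_query_template(template: str, provided_user: str, mapped_dn: str) -> str:
    """Expand {USER} (DN after userToDNMapping) and {0} (the name as typed,
    the placeholder this issue proposes) in a base?attrs?scope?filter query."""
    values = {"USER": mapped_dn, "0": provided_user}
    parts = template.split("?", 3)  # the filter is the fourth component
    for i, part in enumerate(parts):
        in_filter = i == 3
        def sub(m, in_filter=in_filter):
            v = values[m.group(1)]
            # Only filter context is escaped here; DN-context escaping
            # (RFC 4514) is outside this sketch.
            return escape_filter_value(v) if in_filter else v
        parts[i] = re.sub(r"\{(USER|0)\}", sub, part)  # single pass, no re-expansion
    return "?".join(parts)

# Constructed sample data: one RFC 2307 group and one DN-based group.
GROUPS = [
    {"cn": "admins", "objectClass": "posixGroup", "memberUid": ["bob"]},
    {"cn": "devs", "objectClass": "groupOfNames",
     "member": ["uid=bob,ou=people,dc=example,dc=com"]},
]

def groups_with(attr: str, value: str) -> list:
    """Names of sample groups whose attribute `attr` contains `value`."""
    return [g["cn"] for g in GROUPS if value in g.get(attr, [])]

BOB_DN = "uid=bob,ou=people,dc=example,dc=com"  # constructed mapped DN
DN_TEMPLATE = "ou=groups,dc=example,dc=com??one?(&(objectClass=groupOfNames)(member={USER}))"
UID_TEMPLATE = "ou=groups,dc=example,dc=com??one?(&(objectClass=posixGroup)(memberUid={0}))"

if __name__ == "__main__":
    print(expand_query_template(DN_TEMPLATE, "bob", BOB_DN))
    print(expand_query_template(UID_TEMPLATE, "bob", BOB_DN))
    # memberUid holds the bare uid, so matching on the DN finds nothing.
    print(groups_with("memberUid", BOB_DN), groups_with("memberUid", "bob"))
```

With only `{USER}` available, a posixGroup lookup compares `memberUid` against the full DN and returns no groups, so the user ends up with no roles from those groups.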
| Comments |
| Comment by Githook User [ 30/Jan/19 ] |
|
Author: {'email': 'jbreams@mongodb.com', 'name': 'Jonathan Reams'} Message: |
| Comment by Githook User [ 29/Jan/19 ] |
|
Author: {'username': 'jbreams', 'email': 'jbreams@mongodb.com', 'name': 'Jonathan Reams'} Message: |
| Comment by Githook User [ 28/Jan/19 ] |
|
Author: {'username': 'jbreams', 'email': 'jbreams@mongodb.com', 'name': 'Jonathan Reams'} Message: Revert " This reverts commit 2f3cfa6c3b42c063d3b1d716d59d7d3a02441dec. |