Please add ldap filters for authentication
It would be great to add the abaility to filter on group membership to the LDAP authentication module.
Actually, I know it's possible to change the search base so only users inside of a defined OU could use the application.
With large LDAP setup (lots of users, LDAP used by multiple apps) you have several users in different OU which will need to be able to use the same application so we use group membership.
It would be really a plus if you add some field to let us do that kind of filtering, something like cacti has would be perfect. So if we can specifiy a group DN, a membership field (like memberUid) and a group member type (username or DN of the user), everything would be perfect.
Thanks and regards,
#1 Updated by Felix Schäfer over 12 years ago
I can't remember exactly what the LDAP settings in the stock redmine look like, but can't you specify a filter? It's been a while since I got into LDAP that deep, but I seem to remember that the stuff you are asking for could be achieved with a well crafted filter.
#3 Updated by Felix Schäfer over 12 years ago
Nico Tourneur wrote:
In the web form, in only see the base DN that could be used as some kind of filter, unfortunately it's not enough. Is there any other place where I can configure that ? yml file ?
No, then it's in one of the patches I applied sorry. Depending on your skill level, search around the tracker, I think there are 2 patches to include more options in the LDAP settings which also include the possibility to specify an arbitrary filter. Be aware though that the patches probably won't apply cleanly to trunk due to several changes to the LDAP Auth between 0.9-stable and trunk.