iris-web icon indicating copy to clipboard operation
iris-web copied to clipboard
verified publisher icon dfir-iris

Ldap groups

Open c8y3 opened this issue 2 years ago • 0 comments

This is an improvement to ldap authentication. The purposes of this pull request are:

  • introduction of a bind account in order to emit requests to the ldap (rather than use the user's account),
  • synchronization of groups declared in ldap with groups in IRIS.

The following variables are added to the .env:

  • LDAP_BIND_DN: distinguished name of the bind account
  • LDAP_BIND_PASSWORD: password of the bind account
  • LDAP_GROUP_BASE_DN: distinguished name for the group names

More precisely, when the flag AUTHENTICATION_CREATE_USER_IF_NOT_EXIST is set, then the groups of the user will be synchronized with the groups that are present in its memberOf field in ldap and which also have LDAP_GROUP_BASE_DN as base.

c8y3 avatar Oct 13 '23 07:10 c8y3