You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our ldap config is a bit weird and our users are in two distinct base trees. Would it be possible to specify multiple search-base-dn entries to avoid having the entire ldap hierarchy (which is a performance problem) scanned?
The text was updated successfully, but these errors were encountered:
bitchkat
changed the title
Multiple group filters
Multiple search-base-dn entries
Sep 21, 2022
Also, it looks like when ldap is enabled that the basic auth username is disabled so we can't use that as fallback for the handful of users in the second base tree.
I'm not sure if that is what you needed but for us this works:
we are using something like the following as the basicAuthentication.ldap.search-filter in the application.conf: (&(objectClass=user)(sAMAccountName=$capturedLogin$)(|(memberof=CN=DevGroup,OU=Roles,OU=Groups,OU=MYORG,DC=MYCOMPANY,DC=COUNTRY)(memberof=CN=OpsGroup,OU=Roles,OU=Groups,OU=MYORG,DC=MYCOMPANY,DC=COUNTRY)))
Our ldap config is a bit weird and our users are in two distinct base trees. Would it be possible to specify multiple search-base-dn entries to avoid having the entire ldap hierarchy (which is a performance problem) scanned?
The text was updated successfully, but these errors were encountered: