Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP integration improvements #2715

Open
jonsbun opened this issue Jun 17, 2024 · 3 comments
Open

LDAP integration improvements #2715

jonsbun opened this issue Jun 17, 2024 · 3 comments
Labels
feature request Let's add something new local config xf:authentication
Milestone
24.2.2

Comments

@jonsbun
Copy link

jonsbun commented Jun 17, 2024

Is your feature request related to a problem? Please describe.
CloudBeaver 24.1.0 finally got LDAP support. However, according feedback LDAP integration lack of main functionally to use it properly at this moment.

Describe the solution you'd like

  1. Missing configuration of the bind user (service account) to the LDAP server.
    In general, an LDAP query looks something like this: ldapsearch -x -D "<bind-user>" -w "<bind-password>" -b "<base-dn>" "<filter>" -H "<ldap-host>:<ldap-port>". From the current configuration looks like the bind user is not used at all.

  2. Missing configuration of the unique identifier for the user.
    Depending on the LDAP this attribute could be uid, sAMAccountName, mail, etc. At this moment no clue what is being used in CloudBeaver LDAP authentication.

  3. Impossible to map LDAP users with the CloudBeaver Teams.
@jonsbun jonsbun added feature request Let's add something new wait for review labels Jun 17, 2024
@jonsbun jonsbun changed the title LDAP integration improvments LDAP integration improvements Jun 17, 2024
@jonsbun jonsbun mentioned this issue Jun 17, 2024
Closed
@EvgeniaBzzz
Copy link
Contributor

@jonsbun
Thank you for summarizing all the feedback!
We will make improvements in future releases.

@brunobergamo
Copy link

brunobergamo commented Jul 3, 2024
edited
Loading

HI, The ldap that I have to connect, it is not necessary to set the userName with cn=.

In LdapAuthProvider, we have :

        String cn = "cn=" + userName;
        var principal = Stream.of(cn, unit, ldapSettings.getBaseDN())
            .filter(CommonUtils::isNotEmpty)
            .collect(Collectors.joining(","));
        environment.put(Context.SECURITY_PRINCIPAL, principal );

I do need to set Context.SECURITY_PRINCIPAL with my userName with @Domain .
environment.put(Context.SECURITY_PRINCIPAL, userName );

Is this open issue handle this case ?

Best Regards

@dariamarutkina dariamarutkina modified the milestones: 24.1.5, 24.2.2, 24.2.0 Aug 7, 2024
@EvgeniaBzzz
Copy link
Contributor

In version 24.2.0 the first two points have been implemented.

New parameters added:
ldap-cn - User identifier attribute
ldap-bind-user - Bind User DN
ldap-bind-user-pwd - Bind User Password
ldap-filter - User Filter

Some extra information you can find in the LDAP Authentication article

@EvgeniaBzzz EvgeniaBzzz modified the milestones: 24.2.0, 24.2.2 Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request Let's add something new local config xf:authentication
Projects
None yet
Milestone
24.2.2
Development

No branches or pull requests
4 participants
@brunobergamo @jonsbun @dariamarutkina @EvgeniaBzzz