User DN in LDAP users subtree #447

Closed
rezib opened this issue Jan 22, 2025 · 1 comment · Fixed by #464

rezib commented Jan 22, 2025

For authentication, Slurm-web expects to find the user object at the first level in the users branch. Some LDAP directories have a subtree in the users branch: user objects can be in a subbranch of the users branch. Slurm-web should actually search for the DN of the user in the full users subtree before trying to authenticate this user against this DN.

rezib added the bug label Jan 22, 2025
rezib self-assigned this Jan 31, 2025
rezib added this to the v4.1.0 milestone Jan 31, 2025

rezib commented Jan 31, 2025

This needs feature rackslab/RFL#30 and the release of RFL v1.3.0.

rezib removed the bug label Feb 3, 2025
rezib added a commit that referenced this issue Feb 4, 2025
Lookup user DN in the scope of user base subtree before authentication
on LDAP directory by default. This has 2 main benefits:

- Support LDAP directory layout with users distributed in multiple
  branches in the user base.
- Support LDAP directory without the user name attribute in the user DN
  (e.g. the full name).

Note this new default behavior can be reverted to the previous behavior
by setting lookup_user_dn=no in [ldap] section of the gateway
configuration.

fix #446 #447
rezib closed this as completed in #464 Feb 4, 2025
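
The behaviour requested in this issue, sketched as an added example (not Slurm-web or RFL code): search the user subtree for the DN, then bind against the DN that was found. The in-memory directory, the `uid` attribute, the base DN and every function name are assumptions made for illustration; the filter value is escaped and an ambiguous match is refused.

```python
import re

# Constructed sample directory (DN -> (attributes, password)), standing in for LDAP.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": ({"uid": "alice"}, "pw-a"),
    "uid=bob,ou=staff,ou=people,dc=example,dc=org": ({"uid": "bob"}, "pw-b"),
    "cn=Carol Doe,ou=people,dc=example,dc=org": ({"uid": "carol"}, "pw-c"),
}
USER_BASE = "ou=people,dc=example,dc=org"  # assumed user base


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def search_subtree(base, ldap_filter):
    """Simulated subtree search for a simple (attr=value) filter."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    # An unescaped '*' is a wildcard; \XX hex escapes decode to literal characters.
    unescape = lambda p: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), p)
    regex = re.compile(".*".join(re.escape(unescape(p)) for p in pattern.split("*")))
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if dn.endswith("," + base) and regex.fullmatch(attrs.get(attr, ""))]


def bind(dn, password):
    """Simulated simple bind; an empty password is rejected outright."""
    entry = DIRECTORY.get(dn)
    return entry is not None and bool(password) and entry[1] == password


def authenticate_direct(user, password):
    """First-level behaviour from the issue: DN built as uid=<user>,<base>."""
    return bind(f"uid={user},{USER_BASE}", password)


def authenticate_lookup(user, password):
    """Look up the DN in the whole user subtree, then bind against it."""
    matches = search_subtree(USER_BASE, f"(uid={escape_filter_value(user)})")
    if len(matches) != 1:  # unknown user or ambiguous match: refuse
        return False
    return bind(matches[0], password)
```

Only `alice` authenticates with the direct DN; `bob` (sub-branch) and `carol` (DN built on the full name) need the lookup.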