mirror of
https://github.com/hashicorp/vault.git
synced 2026-03-12 13:42:12 -04:00
005cb3e042
-------------------------- Added new configuration option to ldap auth backend - groupfilter. GroupFilter accepts a Go template which will be used in conjunction with GroupDN for finding the groups a user is a member of. The template will be provided with context consisting of UserDN and Username. Simplified group membership lookup significantly to support multiple use-cases: * Enumerating groups via memberOf attribute on user object * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule There is now a new configuration option - groupattr - which specifies how to resolve group membership from the objects returned by the primary groupfilter query. Additional changes: * Clarify documentation for LDAP auth backend. * Reworked how default values are set, added tests * Removed Dial from LDAP config read. Network should not affect configuration. |
||
|---|---|---|
| .. | ||
| app-id.html.md | ||
| aws-ec2.html.md | ||
| cert.html.md | ||
| github.html.md | ||
| index.html.md | ||
| ldap.html.md | ||
| mfa.html.md | ||
| token.html.md | ||
| userpass.html.md | ||