From 39bb2d2d1aadf250fc22d219df253745b87596b6 Mon Sep 17 00:00:00 2001
From: ZMiguel Valdiviesso
Date: Mon, 21 Dec 2020 21:16:20 +0000
Subject: [PATCH] Add config example for LDAP groupOfUniqueNames group structure (#1549)

* Add config example for groupOfUniqueNames group structure
* Update ldap.md

Co-authored-by: James Elliott
---
 config.template.yml | 1 +
 docs/configuration/authentication/ldap.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/config.template.yml b/config.template.yml
index 4b49f203..e60feabb 100644
--- a/config.template.yml
+++ b/config.template.yml
@@ -161,6 +161,7 @@ authentication_backend:
 # - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
 # - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later versions, so please don't use it.
 # - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in later version, so please don't use it.
+ # If your groups use the `groupOfUniqueNames` structure use this instead: (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
 groups_filter: (&(member={dn})(objectclass=groupOfNames))

 # The attribute holding the name of the group
diff --git a/docs/configuration/authentication/ldap.md b/docs/configuration/authentication/ldap.md
index 1c7c7c58..bdc41441 100644
--- a/docs/configuration/authentication/ldap.md
+++ b/docs/configuration/authentication/ldap.md
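Review bot: The added comment in config.template.yml gives the groupOfUniqueNames alternative as a filter embedded at the end of a sentence, so it is easy to miss that it replaces the whole `groups_filter` value rather than being added to it. A commented-out setting line would be unambiguous, for example `# groups_filter: (&(uniquemember={dn})(objectclass=groupOfUniqueNames))` under a short `# For directories whose groups use groupOfUniqueNames:` comment. It would also be worth one sentence saying the two filters are alternatives selected by the directory's group object class, because a filter that matches no entries presumably leaves the user with no groups rather than raising an error, which matters wherever group membership feeds access decisions. The same wording is added to docs/configuration/authentication/ldap.md in the second hunk, and the authentication_backend block starts and ends outside this hunk.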
@@ -107,6 +107,7 @@ authentication_backend:
 # - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
 # - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later versions, so please don't use it.
 # - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in later version, so please don't use it.
+ # If your groups use the `groupOfUniqueNames` structure use this instead: (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
 groups_filter: (&(member={dn})(objectclass=groupOfNames))

 # The attribute holding the name of the group