I can use the group dn in LDAP role mapping, but I would like to use the group cn instead from a maintainability perspective. In my LDAP setup the group dn contains a unique id, while the group cn is a human-oriented name.
I have the following LDAP setup:
Users (o=users,dc=example,dc=com)
- user 1
    dn: guid=u111,o=users,dc=example,dc=com
    cn: user1
- user 2
    dn: guid=u222,o=users,dc=example,dc=com
    cn: user2
Groups (o=groups,dc=example,dc=com)
- admin group
    dn: guid=g111,o=groups,dc=example,dc=com
    cn: admin
    uniqueMember: guid=u111,o=users,dc=example,dc=com
    uniqueMember: guid=u222,o=users,dc=example,dc=com
    uniqueMember: guid=u333,o=users,dc=example,dc=com
- readonly group
    dn: guid=g222,o=groups,dc=example,dc=com
    cn: readonly
    uniqueMember: guid=u444,o=users,dc=example,dc=com
X-Pack settings:
    xpack:
      security:
        authc:
          realms:
            ldap1:
              type: ldap
              order: 0
              url: ...
              bind_dn: ...
              bind_password: ...
              user_search:
                base_dn: "o=users,dc=example,dc=com"
                attribute: cn
              group_search:
                base_dn: "o=groups,dc=example,dc=com"
                filter: "uniqueMember={0}"
              files:
                role_mapping: "role_mapping.yml"
              unmapped_groups_as_roles: false
Role mapping settings:
    admin:
      - "guid=g111,o=groups,dc=example,dc=com"
The above config works, but I would like to use the group name (cn), something like:
    admin:
      - "cn=admin,o=groups,dc=example,dc=com"
Is it possible? With such LDAP setup I can use group cn e.g. in Splunk or Spring Ldap Security.
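One way to keep a human-readable role-to-group table while still feeding the file-based role mapping the group DNs it expects is to resolve cn to dn before writing role_mapping.yml. The script below is an added example for this thread, not Elastic's code and not the original poster's. It parses an LDIF snippet constructed inline to mirror the groups subtree described in the question (a real deployment would export or search the directory instead), and the role names in ROLE_TO_GROUP_CN are assumed values. It refuses to emit a mapping when a cn is missing or matches more than one group, because cn is not guaranteed unique in a directory and a silent mismatch would hand a role to the wrong group.

```python
"""Resolve human-readable LDAP group names (cn) to the group DNs that
the file-based role mapping in the question requires.

Added example for this thread; not Elastic's code and not the original
poster's. It parses an LDIF snippet constructed inline (mirroring the
groups subtree from the post) instead of querying a live server, and
emits role_mapping.yml text in the layout the question uses:
role name -> list of quoted group DNs.
"""
from collections import defaultdict

# Constructed sample: the groups subtree from the question, in LDIF form.
GROUPS_LDIF = """\
dn: guid=g111,o=groups,dc=example,dc=com
cn: admin
uniqueMember: guid=u111,o=users,dc=example,dc=com
uniqueMember: guid=u222,o=users,dc=example,dc=com
uniqueMember: guid=u333,o=users,dc=example,dc=com

dn: guid=g222,o=groups,dc=example,dc=com
cn: readonly
uniqueMember: guid=u444,o=users,dc=example,dc=com
"""

# Maintained by hand: role name -> group cn (assumed role names).
ROLE_TO_GROUP_CN = {
    "admin": "admin",
    "read_only": "readonly",
}


def parse_ldif(text):
    """Return a list of entries, each {attr: [values]}, from simple LDIF.
    Handles blank-line separated entries and multi-valued attributes;
    line continuations and base64 ('::') values are out of scope."""
    entries, current = [], defaultdict(list)
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        attr, _, value = line.partition(":")
        # Attribute names are case-insensitive in LDAP; normalise them.
        current[attr.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def index_groups_by_cn(entries):
    """Map lower-cased cn -> list of DNs. A cn may legitimately repeat
    (it is not unique across the DIT), so every DN is kept and the
    caller decides what to do with duplicates."""
    by_cn = defaultdict(list)
    for entry in entries:
        for cn in entry.get("cn", []):
            by_cn[cn.lower()].append(entry["dn"][0])
    return by_cn


def resolve_role_mapping(role_to_cn, entries):
    """Return {role: [dn, ...]}. Unknown or ambiguous names raise, since
    silently mapping a role to the wrong group is a privilege error."""
    by_cn = index_groups_by_cn(entries)
    mapping = {}
    for role, cn in role_to_cn.items():
        dns = by_cn.get(cn.lower(), [])
        if not dns:
            raise LookupError(f"role {role!r}: no group with cn={cn!r}")
        if len(dns) > 1:
            raise LookupError(f"role {role!r}: cn={cn!r} is ambiguous: {dns}")
        mapping[role] = dns
    return mapping


def render_role_mapping_yml(mapping):
    """Render the role_mapping.yml layout from the question:
    role name, then an indented list of quoted DNs."""
    lines = []
    for role in sorted(mapping):
        lines.append(f"{role}:")
        for dn in mapping[role]:
            lines.append(f'  - "{dn}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    groups = parse_ldif(GROUPS_LDIF)
    print(render_role_mapping_yml(resolve_role_mapping(ROLE_TO_GROUP_CN, groups)))
```

Run it whenever the directory changes and diff the output against the deployed role_mapping.yml; the generated file still contains exactly the DN form shown in the question, so the realm configuration itself does not change.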