mirror of
https://github.com/hashicorp/vault.git
synced 2026-04-01 15:15:01 -04:00
005cb3e042
-------------------------- Added new configuration option to ldap auth backend - groupfilter. GroupFilter accepts a Go template which will be used in conjunction with GroupDN for finding the groups a user is a member of. The template will be provided with context consisting of UserDN and Username. Simplified group membership lookup significantly to support multiple use-cases: * Enumerating groups via memberOf attribute on user object * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule There is now a new configuration option - groupattr - which specifies how to resolve group membership from the objects returned by the primary groupfilter query. Additional changes: * Clarify documentation for LDAP auth backend. * Reworked how default values are set, added tests * Removed Dial from LDAP config read. Network should not affect configuration. |
||
|---|---|---|
| .. | ||
| audit | ||
| auth | ||
| commands | ||
| concepts | ||
| config | ||
| http | ||
| install | ||
| internals | ||
| secrets | ||
| index.html.markdown | ||