Opened 5 years ago

Closed 4 years ago

#789 closed wish (fixed)

Restrict external auth to memberof group

Reported by: jkenyon Owned by:
Priority: minor Milestone: 7.7.2
Component: LDAP / Active Directory Version: 7.6.4
Keywords: Cc:

Description

On the fly authentication with external auth (e.g. Active Directory) allows for a users profile to be automatically imported if the user authenticates successfully.

In addition to a successful authentication, it would be great if this process could also check if the user is a member of a security group (e.g. "LogicalDOC Users") before creating a profile. This would make managing access from Active Directory much easier.

Change History (5)

comment:1 Changed 5 years ago by jkenyon

Basically we have ability to define a class, base and attribute for both User and Group. The ability to define a filter both user and group is whats required.

comment:2 Changed 5 years ago by car031

  • Type changed from improvement to wish

comment:3 Changed 4 years ago by car031

  • Milestone set to 7.7.2

ok.
do you want us to add a filter field?
You could write in the filter a comma-separated list of group the simple names like Group A, Group B

So a user is authenticated only if it belongs to one of those groups.
Do you also want us to put similar filter for the usernames ?

comment:4 Changed 4 years ago by jkenyon

Yes correct, a filter field so a user is only authenticated if it belongs to one of the groups specified.

Having a similar filter for usersnames allows for more flexible configuration, so if you can add this too it could be useful.

comment:5 Changed 4 years ago by car031

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.