Hello,
Is there a possibility to use custom attribute to find user in LDAP (for login) and different attribute to connect a group to this user? What I would want to do is to login with email, but the groups have still the users dn
as a member
attribute.
I’ve tried
ldap:
user-dn-pattern: mail={0}
group-search-filter: (member={0})
but this does not work, probably because the mail is username@example.com
but the member
is just cn=very_long_and_hashed_username,dc=example,dc=com
. I don’t have access to the LDAP directory (meaning propose that many changes) Is there any way around this?
Another question would be, if it is possible to use the ‘orthogonal’ implementation of groups, where the group does not have a list of it’s members, but user has the list of groups he is a member in. In this setup I’ve tried
ldap:
group-search-filter: (@(memberOf={0}))
but I suspect that shinyproxy pastes user’s dn
for the {0}
so it does not make sense. Is it possible to do it this way?
thanks a lot
Jan