LDAP Trusted Domain Group Access

Hello,

I am running into an issue trying to set up LDAP authentication across trusted domains with ShinyProxy.

I would like to use one group in Domain A to handle the access-groups for apps, but it seems to need to use groups in both Domain A and Domain B.
For some more explanation, I tried to have a user from Domain B in Group1 in Domain A as a Foreign Security Principal, but they are not granted access to any of the apps or the admin privileges.
Does anyone have a similar setup or any ideas?

application.yml config:

proxy:
  bind-address: 127.0.0.1
  title: ShinyProxy
  logo-url: https://link/to/your/logo.png
  landing-page: /
  favicon-path: favicon.ico
  heartbeat-rate: 10000
  heartbeat-timeout: 60000
  port: 8080
  authentication: ldap
  admin-groups: [Group1]

  # LDAP configuration
  ldap:
    - url: ldap://dc1domaina.com:3268/dc=domaina,dc=com
      manager-dn: cn=LDAPManager,ou=Users,dc=domaina,dc=com
      manager-password: *******
      user-search-base:
      user-search-filter: (sAMAccountName={0})
      group-search-baser: ou=Groups
      group-search-filter: (member={0})

    - url: ldap://dc1.domainb.com:3268/dc=domainb,dc=com
      manager-dn: cn=LDAPManager,ou=Users,dc=domainb,dc=com
      manager-password: *******
      user-search-base:
      user-search-filter: (sAMAccountName={0})
      group-search-base:
      group-search-filter: (member={0})