LDAP Authentication - Validating Groups of a user #909
Comments
|
I was wondering if better approach is what passport have in example: https://www.passportjs.org/packages/passport-activedirectory/ Than trying to verify using URL. |
|
I agree that this is a better approach, and it was the original mechanism. There's a long, historically site-specific reason why the URL method was used. I suggest having a default implementation that uses the out-of-the-box |
|
Thanks @kandahk and @grovesy for your valuable insights. Yes , was exploring the option of using the default implementation of - ad.isUserMemberOf given by passport-activedirectory Implementation of Nodejs. However was getting issues during call-back. |
|
I suspect it would be easy enough to have both approaches persist and be selected via the config provided... I hope to be able to help with documentation of said config (that being the only part I've looked at in detail so far - and appears to just need some more detailed JSON schema writing up to describe it in more depth) at some point soon. |
This is regarding user authentication on Git Proxy using LDAP.
As per the below file in GitProxy Source Code is making a GET API Call for fetching the LDAP Group Details of a particular user.
src/service/passport/ldaphelper.js
And that configuration needs to be a part of proxy.config.json file (like below is our assumption).
"api": {
"ls": {
"userInADGroup": "<API call to be used??>"
}
}
1.Is our understanding correct ?
2.Is there any sample isUserinAdGroup config you could provide for the same as we could see that the Strings , and are being replaced with the actual values in the config string?
The text was updated successfully, but these errors were encountered: