mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-12-26 15:27:26 +00:00
005cb3e042
-------------------------- Added new configuration option to ldap auth backend - groupfilter. GroupFilter accepts a Go template which will be used in conjunction with GroupDN for finding the groups a user is a member of. The template will be provided with context consisting of UserDN and Username. Simplified group membership lookup significantly to support multiple use-cases: * Enumerating groups via memberOf attribute on user object * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule There is now a new configuration option - groupattr - which specifies how to resolve group membership from the objects returned by the primary groupfilter query. Additional changes: * Clarify documentation for LDAP auth backend. * Reworked how default values are set, added tests * Removed Dial from LDAP config read. Network should not affect configuration.