Nikolay Sokolov created GRIFFIN-207:
---------------------------------------

Summary: LDAP auth is not supporting group filters and non-CN login names
Key: GRIFFIN-207
URL: https://issues.apache.org/jira/browse/GRIFFIN-207
Project: Griffin (Incubating)
Issue Type: Bug
Reporter: Nikolay Sokolov

Currently LDAP auth performs a bind to the principal with name "${username}${ldap.email}", and searches through user objects using ldap.searchPattern. The result of the search is then only used to retrieve the fullName of the user.

There are two problems here:
* the login username cannot be different from the CN, as it is used to perform the LDAP bind
* it is not possible to restrict access to specific groups

The typical approach used in other software products is to use a separate bind account, which would search through LDAP objects using the search pattern, and then use the found object's DN to perform the password check.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)