SandaDD opened a new issue, #11295:
URL: https://github.com/apache/apisix/issues/11295
### Description
From the current implementation, it seems that the base_dn attribute from
the ldap-auth plugin for a route and the user_dn attribute for a consumer only
differ in the cn part. This essentially means that, in the route, we have
defined almost the entire tree for some users.
Snippet of the relevant code ifrom ldap-auth.lua plugin:
What if I want a more flexible situation, i.e., that I define the base_dn in
the route configuration as ou=users,dc=example,dc=org, but for user_dn I can
use cn=user1,ou=serviceUser,ou=users,dc=example,dc=org? In that way, consumers
can define users from LDAP with a much wider selection.
Is this scenario supported with the current ldap-auth implementation, or
should we write a custom plugin?
### Environment
- apisix-ingress-controller version: 1.7.1
- apisix gw: 3.8.0.
- Kubernetes cluster version:
- Client Version: v1.29.2
- Server Version: v1.27.11
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
