Request #5294

Support nested groups in ldap

Added by OpenNebula Systems Support Team almost 4 years ago. Updated almost 4 years ago.

Status:PendingStart date:07/28/2017
Priority:SponsoredDue date:
Assignee:-% Done:


Category:Drivers - Auth
Target version:-
Pull request:


Currently the ldap driver does not support groups withing groups.


#1 Updated by Strahinja Kustudic almost 4 years ago

Besides supporting nested groups in LDAP, which should probably be a setting like:

nested_groups: true

It would probably be better to replace the group option with something like ldap_access_filter (check the sssd.conf man page), where you can write any LDAP filter which needs to be matched for a user to allow the user to login. This will give more flexibility on who to allow to login, then just setting a single group.

Also available in: Atom PDF