How to add objectClass and search filter into LDAP configuration

Users Feedback
1

Hi All,
Here are some parameters on our LDAP server:

  • User Search Base DN: ou=bluepages,o=ibm.com
  • User Search Filter: (&(objectclass=ibmPerson)(mail={0}))
  • Group Search Base DN: ou=memberlist,ou=ibmgroups,o=ibm.com
  • Group Search Filter: (&(objectclass=groupOfUniqueNames)(cn=DIAS*))
  • Group Name Attribute: cn

So, how could I setup configuration for readonlyrest?
search_user_base_DN: “ou=bluepages,o=ibm.com
user_id_attribute: “mail” # default “uid”
search_groups_base_DN: “ou=memberlist,ou=ibmgroups,o=ibm.com
unique_member_attribute: “cn” # default “uniqueMember”
My problem is how to add search filter and objectclass into these parameters?

Thanks!

2

Hello @TimZhang, currently we don’t support that.
As you can see our filter string is pretty limited:
https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/core/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/definitions/ldaps/unboundid/UnboundidBaseLdapClient.java#L63

I would love to accept a PR from you with this enhancement :slight_smile: