How to avoid duplicate LDAP and ACL rules?


We have users whose user accounts are part of different OUs, but part of the same AD group that is used for the ACL rule. Currently, because of this, we are setting up 2 separate LDAP configurations and 2 separate ACL blocks so that we can support both types of users.

The first LDAP configuration has the below in the search_user_base_DN setting.

search_user_base_DN: "OU=Accounts,OU=myOU1,DC=corp,DC=mydomain,DC=com"

The second one has the below.

search_user_base_DN: "OU=Accounts,OU=myOU2,DC=corp,DC=mydomain,DC=com"

Is there any alternative way to set this up, so that I don't have to duplicate this? If currently there is no alternative, can we look at adding a feature where I can provide multiple values for the base DN as part of a single LDAP configuration? We also have another group who will have to be provisioned, whose user accounts are part of a 3rd OU. So having this ability to provide multiple user base DNs will help to simplify the ACL rules.


at the moment this is the only possible way to do so

Ok. Can you please look at adding this as an enhancement for a future release? I think supporting an array for both search_user_base_DN and search_groups_base_DN has its benefits to simplify the ACL rules so that multiple rules and multiple LDAP configurations can be avoided.

ok, done - jira for this one is now in our backlog :slight_smile:

@coutoPL just following up. How far up has this moved in the backlog? :smile:

sadly, not in current sprint. Low priority atm.