How to avoid duplicate LDAP and ACL rules?

askids · April 6, 2020, 4:25pm

hi

We have users whose user accounts are part of different OUs, but part of same AD group that is used for ACL rule. Currently, because of this, we are setting up 2 separate LDAP configuration and 2 separate ACL block so that we can support both type of users.

First LDAP configuration has below in search_user_base_DN setting.

search_user_base_DN: “OU=Accounts,OU=myOU1,DC=corp,DC=mydomain,DC=com”

Second one has below.

search_user_base_DN: “OU=Accounts,OU=myOU2,DC=corp,DC=mydomain,DC=com”

Is there any alternative way to set this up, so that I don’t have to duplicate this? If currently there is no alternative, can we look at adding a feature, where I can provide multiple values for the base DN as part of a single LDAP configuration? We also have another group who will have to be provisioned whose user account are part of a 3rd OU. So having this ability to provide multiple user base DN will help to simplify the ACL rules.

Thanks
askids

coutoPL · April 6, 2020, 6:59pm

at the moment this is the only possible way to do so

askids · April 8, 2020, 2:32pm

Ok. Can you please look at adding this as an enhancement for future release? I think supporting an array for both search_user_base_DN and search_groups_base_DN has its benefits to simplify the ACL rules so that multiple rules and multiple LDAP configuration can be avoided.

coutoPL · April 8, 2020, 6:44pm

ok, done - jira for this one is now in our backlog

askids · July 18, 2020, 2:24am

@coutoPL just following up. How far up has this moved in the backlog

coutoPL · July 26, 2020, 6:57pm

sadly, not in current sprint. Low priority atm.