|
|
Post by puwen on Apr 22, 2022 7:18:10 GMT
Hi all,
Are [RemoteUser] and [RemoteGroup] allowed in one mapping entry?
If allowed, which logical operation should be used, AND or OR?
Thanks for your answer.
{
"LDAP": {
"RemoteRoleMapping": [
{
"RemoteUser": "cn=Manager,dc=example,dc=org",
"RemoteGroup": "cn=Admins,ou=Groups,dc=example,dc=org",
"LocalRole": "Administrator"
}
]
}
}
|
|
|
|
Post by jautor on Apr 26, 2022 15:46:30 GMT
Hi all, Are [RemoteUser] and [RemoteGroup] allowed in one mapping entry? If allowed, which logical operation should be used, AND or OR? Thanks for your answer.
{
"LDAP": {
"RemoteRoleMapping": [
{
"RemoteUser": "cn=Manager,dc=example,dc=org",
"RemoteGroup": "cn=Admins,ou=Groups,dc=example,dc=org",
"LocalRole": "Administrator"
}
]
}
}
This is really a question for the LDAP folks and may be dependent on your implementation. The schema doesn't prevent or require both properties from appearing together - and for other External Account Provider types it may make sense. But from my understanding, in the context of LDAP, you would only have one or the other, not both, as they both describe a single mapping. A user could perhaps have two array elements to show two types of maps (one user-based and one group-based).
Jeff
|
|
|
|
Post by puwen on Apr 29, 2022 7:07:02 GMT
Thanks Jeff.
This is very helpful for us.
|
|
