We are trying to set up a ShinyProxy server with LDAP security.
In shinyproxy.yml, the LDAP configuration is set as:
    ldap:
      url: ldap://ourIP:389/dc=ourdomain,dc=com
      manager-dn: cn=admin,dc=ourdomain,dc=com
      manager-password: ++++++++
      group-search-base: ou=Groups
      group-search-filter: (|(cn=admingroup)(cn=nonadmingroup))
      user-search-base: ou=People
      user-search-filter: uid={0}
But with this configuration, filters in the .yml like admin-groups, or access-groups in every app, don't seem to work; all users have all permissions.
How should we set it so the filters work?
We needed to make the group filter dependent on the userpass entry.
First, to be able to relate user and group, in our OpenLDAP server, instead of adding the user to the group as primary group (sharing the gidNumber), we needed to add it to another primary group, and then to the intended group (adding the attribute "memberUid" in it).
Finally, we specified the group filter as:
group-search-filter: (&(objectClass=posixGroup)(memberUid={1}))
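Why the static filter from the question gave every user every group, and why the memberUid={1} filter does not, as an added example that is not part of the original posts. It evaluates both filters from the thread against a constructed two-group directory with a minimal filter matcher; the users alice, bob and carol, the DN layout, and the substitution of {0} by the user DN and {1} by the login name are assumptions for illustration.

```python
# Constructed sample directory (not from the original post): two posixGroup entries.
GROUPS = [
    {"cn": ["admingroup"], "objectClass": ["posixGroup"], "memberUid": ["alice"]},
    {"cn": ["nonadmingroup"], "objectClass": ["posixGroup"], "memberUid": ["alice", "bob"]},
]

STATIC_FILTER = "(|(cn=admingroup)(cn=nonadmingroup))"            # from the question
PER_USER_FILTER = "(&(objectClass=posixGroup)(memberUid={1}))"   # from the answer

def parse(f, i=0):
    """Parse a small LDAP filter subset: (&...), (|...), (attr=value)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (simplified: exact value match)."""
    if node[0] == "=":
        attrs = {k.lower(): v for k, v in entry.items()}
        return node[2] in attrs.get(node[1].lower(), [])
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def groups_for(template, user_dn, username):
    """Assumed substitution: {0} = user DN, {1} = login name. Returns matching group cns."""
    for value in (user_dn, username):
        if any(c in value for c in "()*\\"):
            raise ValueError("filter metacharacter in substituted value")
    flt = template.replace("{0}", user_dn).replace("{1}", username)
    tree, _ = parse(flt)
    return sorted(g["cn"][0] for g in GROUPS if matches(tree, g))

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        dn = "uid=%s,ou=People,dc=ourdomain,dc=com" % user
        print(user, "static:", groups_for(STATIC_FILTER, dn, user),
              "per-user:", groups_for(PER_USER_FILTER, dn, user))
```

The static filter contains no user placeholder, so the group search returns the same two groups for any authenticated user, including one who is a member of neither.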