Skip to content

feat: LDAP - add flag which enable nested groups for MS AD #2173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
barloc wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat: LDAP - add flag which enable nested groups for MS AD #2173

barloc wants to merge 2 commits into from
+103 −6

Conversation

@barloc
Copy link

@barloc barloc commented Nov 27, 2023
edited
Loading

Description

Enable search for user nested groups in LDAP system. Use attribute member:1.2.840.113556.1.4.1941: for Microsoft Active Directory and set groups from the search to the user_info[self.auth_ldap_group_field] field.

Add flag AUTH_LDAP_USE_NESTED_GROUPS_FOR_ROLES which enables this feature. Default value is False.

Fix this issues:

ADDITIONAL INFORMATION

  • Has associated issue:
  • Is CRUD MVC related.
  • Is Auth, RBAC security related.
  • Changes the security db schema.
  • Introduces new feature
  • Removes existing feature

@barloc barloc force-pushed the feature/add-ldap-nested-groups-for-ms-ad branch from f7860d0 to a5e679d Compare November 27, 2023 16:01
@barloc barloc changed the title LDAP: add flag which enable nested groups for MS AD feat: LDAP - add flag which enable nested groups for MS AD Nov 27, 2023
@codecov
Copy link

codecov bot commented Nov 27, 2023
edited
Loading

Codecov Report

Attention: Patch coverage is 42.85714% with 8 lines in your changes missing coverage. Please review.

Project coverage is 74.32%. Comparing base (59db85d) to head (b9df441).
Report is 35 commits behind head on master.

Files with missing lines Patch % Lines
flask_appbuilder/security/manager.py 42.85% 8 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2173      +/-   ##
==========================================
- Coverage   79.31%   74.32%   -5.00%     
==========================================
  Files          72       72              
  Lines        8974     8930      -44     
==========================================
- Hits         7118     6637     -481     
- Misses       1856     2293     +437
Flag Coverage Δ
python 74.32% <42.85%> (-5.00%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lfrancke
Copy link

lfrancke commented Feb 28, 2024

@barloc Can I ask what the status of this is?
I do see build failures and I assume it's now at least partially outdated.

Do you plan to work on this?

@chevcheli0s
Copy link

chevcheli0s commented Sep 18, 2024

@barloc do you plan to implement this?

@barloc
Copy link
Author

barloc commented Sep 27, 2024

@barloc Can I ask what the status of this is? I do see build failures and I assume it's now at least partially outdated.

Do you plan to work on this?

hello
sorry for long answer
yep, i'll update code

add AUTH_LDAP_USE_NESTED_GROUPS_FOR_ROLES flag which enable getting n…
5def4f8 
…ested groups from ms active directory

* fix: don't load inactive users with sessions

* add test

* fix test
@barloc barloc force-pushed the feature/add-ldap-nested-groups-for-ms-ad branch from ff9e76a to 5def4f8 Compare September 28, 2024 00:21
@barloc
Copy link
Author

barloc commented Sep 28, 2024

Hello
I added test for the feature but test-mssql is broken and I don't understand how to fix it :(

@mathiahal
Copy link

mathiahal commented Feb 14, 2025
edited
Loading

Hello, could we have an update?

@smktpd
Copy link

smktpd commented Nov 11, 2025

What does a failing mssql-related test have to do with this PR? Can't it get merged already?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Obodovskyi1 Obodovskyi1 Obodovskyi1 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@barloc @lfrancke @chevcheli0s @mathiahal @smktpd @Obodovskyi1