Skip to content

LDAP account map #159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cmelone wants to merge 4 commits into
base: main
Choose a base branch
from
Open

LDAP account map #159

cmelone wants to merge 4 commits into from

Conversation

@cmelone
Copy link
Member

@cmelone cmelone commented Jul 14, 2025
edited
Loading

closes #155

This PR implements an LDAP account mapper. Given the URI of an LDAP server and the base to search from, it will filter by an input attribute and return the value of the output attribute.

It supports GSSAPI authentication (kerberos) and simple bind (username/password).

I've tested this on Dane with input=employeeNumber output=uid. Eventually, the input will be githubId but this interface allows arbitrary inputs and outputs.

I have notes documenting the specifics of each parameter for the mapper, but I'll wait until we have a PR that fulfills #157.

TODO:

  • test simple bind auth when we get LC service account

@cmelone cmelone requested a review from alecbcs July 14, 2025 23:05
@github-actions github-actions bot added the dependencies Modifications to a Dependency File label Jul 15, 2025
@cmelone
LDAP account map
6eaf7e6 
closes llnl#155

This PR implements an LDAP account mapper. Given the URI of an LDAP
server and the base to search from, it will filter by an input attribute
and return the value of the output attribute.

It supports GSSAPI authentication (kerberos) and simple bind
(username/password).

I've tested this on Dane with input=employeeNumber output=uid.
Eventually, the input will be githubId but this interface allows
arbitrary inputs and outputs.

I have notes documenting the specifics of each parameter for the mapper,
but I'll wait until we have a PR that fulfills llnl#157.

TODO:
- [] test simple bind auth when we get LC service account
@cmelone
rm extra logging config
7fd6bce
@cmelone
add dependency on python-ldap
f08698e
@cmelone
add conditional config options for ldap account map
7144217
@cmelone cmelone force-pushed the add/ldap-account-map branch from 2c1412f to 7144217 Compare October 28, 2025 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alecbcs alecbcs Awaiting requested review from alecbcs

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Modifications to a Dependency File

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

LDAP account mapper

1 participant

@cmelone