(Sorry for duplicates, had to join the group to be able to send to it.)

> On 4. mai 2016, at 03.13, Brandon Philips <[email protected]> wrote:
> 
> cc'ing in Frode who wrote the original LDAP integration. He may have thoughts.
> 
> Brandon

Thx!

> On Tue, May 3, 2016 at 5:22 PM Christopher L. Cousins <[email protected]> 
> wrote:
> Hello,
> 
> I am planning on using dex to authenticate users with credentials stored in 
> LDAP.  In addition to the information returned in oidc.Identity, I need to 
> enrich the JWT with additional claims for the users using information that is 
> also stored in LDAP and I would prefer to collect this information right 
> after the user authenticates using their LDAP credentials.

This is something I would like to see as well. At the time of writing the 
original LDAP connector code, implementing this was out of scope. If someone can 
point me in the direction of how to return a richer dataset to Dex at time of 
call to Identity that would be most helpful.


> Since the LDAP searches and other logic I need to use to collect this 
> additional information are of no use to anyone else, and I don't like the 
> idea of maintaining a custom branch of dex (modifying the existing LDAP 
> connector), I was thinking about creating a new 'local-http' connector that 
> would allow me to run a companion application next to every dex-worker 
> instance that would handle all of the connector functionality over an HTTP API 
> on the loopback interface.  In my case, this would be a sidecar Kubernetes 
> container in a pod that also contains a (hopefully eventually stock) 
> dex-worker container.


Adding additional claims to the JWT with data from LDAP is most definitely 
something other users will have use for. Could you describe your use case and I 
can try to come up with a generic and configurable way to handle it in the LDAP 
connector.

[ snip ]

--
Frode Nordahl


