ruslanfialkovskii opened a new pull request, #4917:
URL: https://github.com/apache/zeppelin/pull/4917
### What is this PR for?
This pull request introduces support for LDAP authentication using the
memberOf attribute, retrieving user group memberships from LDAP systems like
FreeIPA.
Problem
Previously, Zeppelin's LdapRealm could only determine group memberships by
searching all groups in the LDAP directory and checking if the user was a
member of each group. This approach doesn't properly support nested group
memberships in systems that use the memberOf attribute like FreeIPA.
Solution
This PR adds the ability to use the memberOf attribute for determining group
memberships by:
* Adding configuration options to enable memberOf attribute support:
* Implementing a new code path in the rolesFor method that:
  * Searches for the user and retrieves their memberOf attribute values
  * Correctly extracts group names from the memberOf Distinguished Names
  * Maps these group names to roles based on the configured rolesByGroup mapping
* Properly handling the LDAP Distinguished Name (DN) component order when
  extracting group names by iterating through the DN components in the correct
  order
### What type of PR is it?
Improvement
*Please leave your type of PR only*
### Todos
* [ ] - Task
### What is the Jira issue?
[ZEPPELIN-6171]
### How should this be tested?
Added automated unit tests for any new or changed behavior.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
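The memberOf-to-role mapping described in this pull request, as an added example that is not code from the PR or from Zeppelin: it takes the group name from the leftmost RDN of each memberOf DN and looks it up in a rolesByGroup map. The class and method names, the sample DNs and the map contents are assumptions constructed for illustration.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; class, methods and sample values are hypothetical, not Zeppelin code.
public class MemberOfRoles {

  // Returns the CN held in the leftmost RDN of a group DN, or null if that RDN is not a CN.
  static String groupName(String memberOfDn) throws InvalidNameException {
    LdapName dn = new LdapName(memberOfDn);
    if (dn.isEmpty()) return null;
    // LdapName indexes RDNs right to left: index 0 is the rightmost (e.g. dc=com),
    // so the group's own RDN is the last element, not the first.
    Rdn leaf = dn.getRdn(dn.size() - 1);
    return "cn".equalsIgnoreCase(leaf.getType()) ? leaf.getValue().toString() : null;
  }

  // Maps memberOf values to roles; groups without a mapping grant nothing.
  static Set<String> rolesFor(List<String> memberOf, Map<String, String> rolesByGroup) {
    Set<String> roles = new LinkedHashSet<>();
    for (String dn : memberOf) {
      try {
        String group = groupName(dn);
        String role = group == null ? null : rolesByGroup.get(group);
        if (role != null) {
          roles.add(role);
        }
      } catch (InvalidNameException e) {
        // Malformed DN: skip it rather than guess a group name.
      }
    }
    return roles;
  }

  public static void main(String[] args) {
    // Constructed sample data in a FreeIPA-like layout.
    List<String> memberOf = List.of(
        "cn=admins,cn=groups,cn=accounts,dc=example,dc=com",
        "cn=dev\\,ops,cn=groups,cn=accounts,dc=example,dc=com",
        "ipaUniqueID=1234,cn=hbac,dc=example,dc=com");
    Map<String, String> rolesByGroup = Map.of("admins", "admin", "dev,ops", "user");
    System.out.println(rolesFor(memberOf, rolesByGroup));
  }
}
```

Parsing with LdapName rather than splitting on commas keeps an escaped comma inside a group name intact, and reading the wrong end of the DN would yield a container name such as `groups` or a `dc` value instead of the group, so the role lookup would be made against the wrong key.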