  1. Zeppelin
  2. ZEPPELIN-2161

Nested Group Support in LdapRealm for AD using LDAP_MATCHING_RULE_IN_CHAIN Operator


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7.0
    • Fix Version/s: 0.7.1
    • Component/s: zeppelin-server
    • Labels:
      None

      Description

      A common use case in LDAP/AD setups is the hierarchical structuring of groups, a.k.a. adding groups to other groups. Such nested groups can help reduce the number of roles that need to be managed.

      Current Zeppelin realm implementations don't have support for looking up memberships throughout nested group structures.

      E.g. consider the following nested group scenario:

      acme_employees
       \__department_a
           \__sub_department_x
      

      User 'bob' is in Group 'sub_department_x'.

      Notebook 'note1' has a Reader Role assignment for 'department_a' or 'acme_employees'.

      Then access must be granted for 'bob' on 'note1'.

      In AD environments this scenario can be efficiently implemented using the so-called LDAP_MATCHING_RULE_IN_CHAIN operator '1.2.840.113556.1.4.1941'.
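
An added illustration, not part of the original issue or of Zeppelin's code: the AD search filter that uses the operator, with the user DN escaped per RFC 4515 so it cannot alter the filter, and a local walk over the issue's group hierarchy showing which memberships a transitive lookup resolves. The DN, the class and method names, and the directory data are assumptions constructed for the example.

```java
import java.util.*;

public class NestedGroupExample {
    // OID of LDAP_MATCHING_RULE_IN_CHAIN, as quoted in the issue.
    static final String IN_CHAIN = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping: a DN containing ( ) * \ or NUL must not change the filter's structure.
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Filter asking AD for every group that contains userDn directly or through nesting.
    static String nestedGroupFilter(String userDn) {
        return "(&(objectClass=group)(member:" + IN_CHAIN + ":=" + escapeFilterValue(userDn) + "))";
    }

    // Client-side equivalent of the chain walk: follow memberOf edges upward, visiting each group once.
    static Set<String> effectiveGroups(String principal, Map<String, List<String>> memberOf) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> todo = new ArrayDeque<>(memberOf.getOrDefault(principal, List.of()));
        while (!todo.isEmpty()) {
            String g = todo.pop();
            if (seen.add(g)) todo.addAll(memberOf.getOrDefault(g, List.of()));
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed data mirroring the issue's hierarchy, plus one constructed cycle to show termination.
        Map<String, List<String>> memberOf = Map.of(
            "bob", List.of("sub_department_x"),
            "sub_department_x", List.of("department_a"),
            "department_a", List.of("acme_employees"),
            "acme_employees", List.of("department_a"));
        System.out.println(nestedGroupFilter("CN=bob (contractor),OU=Users,DC=acme,DC=example"));
        Set<String> groups = effectiveGroups("bob", memberOf);
        System.out.println("effective groups: " + groups);
        System.out.println("note1 readable via department_a: " + groups.contains("department_a"));
    }
}
```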


            People

            • Assignee:
              aweise Andreas Weise
              Reporter:
              aweise Andreas Weise
