LDAP hook: Different DNs for bind user and login users
If your bind user has a different dn than the users that will be able to log in to the Stork web interface, you don't have a chance to set different root dns.
Here is an example:
Bind user: cn=bind_user,ou=service_account,ou=users,dc=example,dc=org
Login user: cn=login_user,ou=real_users,ou=users,dc=example,dc=org
I tried to use the most similar dn as the root parameter and set the remainder in the bind username variable, like this:
STORK_SERVER_HOOK_LDAP_ROOT="ou=users,dc=example,dc=org"
STORK_SERVER_HOOK_LDAP_BIND_USERNAME="bind_user,ou=service_account"
With this setup I was able to get the connection to LDAP with the bind user, but I was not able to log in with a user, because I was not able to manipulate the username like the STORK_SERVER_HOOK_LDAP_BIND_USERNAME variable.
A possible solution is to set the full dn for the bind user in STORK_SERVER_HOOK_LDAP_BIND_USERNAME and use the STORK_SERVER_HOOK_LDAP_ROOT only for the search base of the users that will be able to log in to the web interface.
Although I am not very comfortable with Go and LDAP, I would be able to help in implementing this solution.
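The DN resolution described in the issue above, as an added sketch that is not part of the original post and not the Stork hook's own code. It assumes the hook builds every DN as `cn=<name>,<root>` (inferred from the workaround shown); `Config`, `composedDN`, `isFullDN` and `bindDN` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Config mirrors the two hook settings named in the issue.
type Config struct {
	Root         string // STORK_SERVER_HOOK_LDAP_ROOT
	BindUsername string // STORK_SERVER_HOOK_LDAP_BIND_USERNAME
}

// composedDN models the behaviour the issue implies (an assumption):
// every name is turned into "cn=<name>,<root>".
func composedDN(root, name string) string {
	return "cn=" + name + "," + root
}

// isFullDN is a hypothetical heuristic: a value whose first RDN already
// carries an attribute type ("cn=...") is treated as a complete DN.
func isFullDN(value string) bool {
	first, _, _ := strings.Cut(value, ",")
	return strings.Contains(first, "=")
}

// bindDN follows the proposal: use a full DN verbatim, otherwise fall
// back to composition so existing configurations keep working.
func bindDN(c Config) string {
	if isFullDN(c.BindUsername) {
		return c.BindUsername
	}
	return composedDN(c.Root, c.BindUsername)
}

func main() {
	// Constructed values taken from the issue's example DNs.
	workaround := Config{"ou=users,dc=example,dc=org", "bind_user,ou=service_account"}
	proposed := Config{
		"ou=real_users,ou=users,dc=example,dc=org",
		"cn=bind_user,ou=service_account,ou=users,dc=example,dc=org",
	}
	for _, c := range []Config{workaround, proposed} {
		fmt.Println("bind: ", bindDN(c))
		fmt.Println("login:", composedDN(c.Root, "login_user"))
	}
}
```

With the workaround the bind DN is correct but the login DN lands in `ou=users` instead of `ou=real_users`; with a full bind DN the root can point at the login users' subtree.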