Retrieve nested group membership #17
Comments
I have attempted a patch for this issue on my fork, https://github.com/shackit/kube-ldap/tree/nested-ad-groups. I doubt this is a viable solution for all LDAP directories as it uses LDAP_MATCHING_RULE_IN_CHAIN.
hm.. I like the idea of supporting nested group memberships.
I removed this feature from the 2.0.0 milestone since I haven't found any generic and nice way to support nested group memberships.
Have you found a solution? I like this because it's very easy to use, but I really need support for nested groups. :/
At the moment kube-ldap reads the direct group membership from the LDAP user account. For example, when binding to Microsoft Active Directory we retrieve the `memberOf` attribute. However, those groups could be members of other groups. We have a situation where we could have multiple k8 clusters and we would like a default RBAC rule bound to a particular group. Within that group we would have other groups, Ops/InfoSec etc. Instead of having to manage multiple RoleBindings/ClusterRoleBindings for each cluster, we would like to leverage the one parent group.
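The two approaches discussed in this thread, as an added example that is not code from kube-ldap or from the linked fork: the Active Directory-only `LDAP_MATCHING_RULE_IN_CHAIN` filter, and a directory-agnostic walk over `memberOf` with cycle and depth limits. All function names, the `lookupMemberOf` callback (synchronous here so the sample runs offline; a real client would issue an LDAP search) and the sample directory are assumptions.

```javascript
// Added example, not kube-ldap code. All function names are hypothetical.
const IN_CHAIN_OID = '1.2.840.113556.1.4.1941'; // LDAP_MATCHING_RULE_IN_CHAIN, Active Directory only

// Escape a value for use in an LDAP search filter (RFC 4515), so a DN that
// contains ( ) * or \ cannot change the structure of the filter.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// AD only: one search for every group that holds userDn directly or through nesting.
function inChainFilter(userDn) {
  return `(&(objectClass=group)(member:${IN_CHAIN_OID}:=${escapeFilterValue(userDn)}))`;
}

// Generic fallback: breadth-first walk over memberOf. lookupMemberOf(dn) is an
// assumed callback returning the parent group DNs of one entry.
function resolveNestedGroups(userDn, lookupMemberOf, maxDepth = 10) {
  const key = (dn) => dn.toLowerCase(); // simplified DN normalization (assumption)
  const seen = new Map();
  let frontier = [userDn];
  for (let depth = 0; depth < maxDepth && frontier.length > 0; depth++) {
    const next = [];
    for (const dn of frontier) {
      for (const parent of lookupMemberOf(dn)) {
        if (key(parent) === key(userDn) || seen.has(key(parent))) continue; // cycle or duplicate
        seen.set(key(parent), parent);
        next.push(parent);
      }
    }
    frontier = next; // groups found at this level are expanded on the next pass
  }
  return [...seen.values()];
}

// Constructed sample directory: alice -> Ops -> k8s-users, plus a membership cycle.
const SAMPLE_DIRECTORY = {
  'cn=alice,ou=users,dc=example,dc=com': ['CN=Ops,OU=Groups,DC=example,DC=com'],
  'cn=ops,ou=groups,dc=example,dc=com': ['CN=k8s-users,OU=Groups,DC=example,DC=com'],
  'cn=k8s-users,ou=groups,dc=example,dc=com': ['CN=Ops,OU=Groups,DC=example,DC=com'],
};
const sampleLookup = (dn) => SAMPLE_DIRECTORY[dn.toLowerCase()] || [];

console.log(inChainFilter('CN=Smith\\, J (Ops),OU=Users,DC=example,DC=com'));
console.log(resolveNestedGroups('CN=alice,OU=Users,DC=example,DC=com', sampleLookup));
```

Because the resolved list ends up as the user's group claims for RBAC, the depth cap and cycle check bound how far a single nested membership can extend a user's access.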