From: Krzysztof B. <kb...@un...> - 2023-08-21 10:32:57
Hi Sander,

On 18.08.2023 at 12:42, Sander Apweiler wrote:
> Hi Krzysztof, hi Roman,
> within another project we have a quite difficult use-case for
> integrating LDAP for authentication in unity. The LDAP has one tree
> containing the usernames, passwords and an identifier (not equal to the
> username). Within another tree we have this identifier, email and name
> of the user.
>
> As far as I understood the manual unity would be able to perform the
> ldapsearch for the attributes on another tree than the bind call for
> authentication, but it would require the username in both trees. So
> this would not fit here.
>
> We had two ideas what could work but would need your knowledge to
> clarify this. The first idea was the mechanism to call an attribute
> authority after user authentication, like we had in the lifescience
> use-case in the past. Could we use this feature to perform the second LDAP
> call after authentication to fetch the user information from the second
> tree using the identifier?
>
> The second idea was fetching the user information from a proprietary
> API, which already exists. For this we would need to trigger a script,
> which fetches the information and stores them into unity. Would there
> be a trigger for a groovy script in the authentication/registration
> process where we could integrate the script?

The first of your ideas should work. Note that this will work only when in Unity authentication is performed on one of the IdP endpoints (SAML or OAuth). But if that is fine (and so you don't need to enrich information about an existing user logging into unity directly, like to homeUI), then usage of the LDAP importer should be just perfect.

Best,
Krzysztof