Menu
▾
▴
Re: [Unity-idm-discuss] read additional user information from another ldap tree
|
From: Krzysztof B. <kb...@un...> - 2023-10-27 06:56:44
|
Hi Sander, W dniu 19.10.2023 o 10:12, Sander Apweiler pisze: > Hi Krzysztof, hi Roman, > we are preparing another instance of unity where we have the userlogin > via LDAP. In the LDAP service is a tree which contains the username > password and an id. The other userinformation are stored in another > LDAP tree identified by the id from the first one. Is there any > possibility to fetch this information at the login? According to the > manual the ldap.additionalSearch is only working with the username, > which is not present in the second tree. Unfortunately that can not be achieved. Unity would need to authenticate user as a local user first, extract attribute or identity of this user holding LDAP id (assumption: LDAP id goes to an attribute or identity in Unity) and then perform another query with that attribute being the key. That is impossible right now. > Do we have the possibility to inject the information on other ways. We > would also have access to an API to request the information. But I > asusme that unity can not call the API and work with the response. Natively in Unity it would be pretty hard. I guess the only way is to develop a custom enhancement groovy script, but it would be pretty involving and would require bigger maintenance work when upgrading Unity. Maybe it is possible to create some consolidating LDAP proxy service? Best, Krzysztof |
