Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check target entry DN against LDAP configured filter #167

Closed
coudot opened this issue Sep 22, 2024 · 1 comment · Fixed by #174
Closed

Check target entry DN against LDAP configured filter #167

coudot opened this issue Sep 22, 2024 · 1 comment · Fixed by #174
Assignees
@coudot
Labels
enhancement New feature or request
Milestone
0.6

Comments

@coudot
Copy link
Member

coudot commented Sep 22, 2024

When displaying the entry from the DN (or doing any action on it), we don't check that the DN is compatible with LDAP filter (and scope) configured. This could allow to act on entries that should not be managed by Service Desk.

Even if the Service Desk LDAP account should be limited by directory ACLs, it would be better to refuse any action if we are out of scope of what is configured.

This is really needed for multi-tenancy.
@coudot coudot added the enhancement New feature or request label Sep 22, 2024
@coudot coudot added this to the 0.6 milestone Sep 22, 2024
@coudot coudot self-assigned this Oct 10, 2024
@coudot
Copy link
Member Author

coudot commented Oct 28, 2024
edited
Loading

I plan to create a new method in ltb-common to check if a DN matches a filter/base/scope.

The best way from my point of view is to do a search with filter/base/scope and use the DN value is filter (which needs to adapt the filter between AD and OpenLDAP)

Edit: ltb-project/ltb-common#46

@coudot coudot linked a pull request Oct 29, 2024 that will close this issue
Check DN is matching configured search parameters before allowing any action on it #174
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@coudot coudot

Labels
enhancement New feature or request
Projects
None yet
Milestone
0.6
1 participant
@coudot