LDAP group check is restricted to only one group

Issue #11 new
viharm repo owner created an issue

The group-checking functionality checks for a user's membership in only one group. This assumes that the application will probably have a separate group in the directory. However, it does not account for a situation where the application may want to provide access to users from more than one group (e.g., Finance and Accounts).

Comments (3)

  1. viharm reporter

    Propose supplying an array of groups to check against, then looping through each group when checking membership.

    Needs different approaches for OpenLDAP and AD.

    If an array is supplied, it will break backward compatibility with previous versions. To preserve this backward compatibility, the logic may have to check if the variable is a string or an array, then proceed to check either a single group (string) or multiple (from array).

  2. viharm reporter

    What about the relation between each group name in the array supplied?

    Should the user be a member of...

    • any of the groups (OR logic), or
    • all of the groups (AND logic)

    ... specified?

    Perhaps the input should be a delimited string. The delimiter can be used to specify the logic. For example:

    Semantic delimiter:

    • ; for OR logic
    • , for AND logic

    or, mathematical delimiter:

    • + for OR logic
    • * for AND logic
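
The proposal in the two comments above, sketched as an added example that is not part of the original issue or the project's code: one input that may be a legacy single group name, an array, or a string using the semantic delimiters (`;` for OR, `,` for AND). The names `parse_group_spec` and `is_authorized` are hypothetical. Assumptions: the user's groups have already been read from the directory as short names rather than full DNs (DNs contain commas and would collide with the `,` delimiter), names compare case-insensitively, and an array means OR, which the thread leaves open.

```python
import re


def parse_group_spec(spec):
    """Return (mode, groups); mode is 'any' (OR logic) or 'all' (AND logic)."""
    if isinstance(spec, (list, tuple)):
        # Array input: the thread does not settle AND vs OR; OR is assumed here.
        mode, names = "any", list(spec)
    elif isinstance(spec, str):
        has_or, has_and = ";" in spec, "," in spec
        if has_or and has_and:
            # No precedence is defined for mixed delimiters, so refuse the spec
            # instead of guessing which users it admits.
            raise ValueError("mixed ';' and ',' delimiters are ambiguous")
        mode = "all" if has_and else "any"
        # A string with no delimiter is the legacy single-group case.
        names = re.split(r"[;,]", spec)
    else:
        raise TypeError("group spec must be a string or a list of strings")
    if not all(isinstance(n, str) for n in names):
        raise TypeError("every group name must be a string")
    groups = [n.strip() for n in names]
    # all([]) is True, so an empty AND list would admit every user: reject it.
    if not groups or any(not g for g in groups):
        raise ValueError("empty group name in spec")
    return mode, groups


def is_authorized(user_groups, spec):
    """user_groups: group names the directory returned for this user."""
    mode, required = parse_group_spec(spec)
    held = {g.strip().casefold() for g in user_groups}
    hits = [g.casefold() in held for g in required]
    return any(hits) if mode == "any" else all(hits)


if __name__ == "__main__":
    # Constructed sample: a user who is only in Accounts.
    for spec in ("Finance", "Finance;Accounts", "Finance,Accounts"):
        print(repr(spec), "->", is_authorized(["Accounts"], spec))
```

Malformed specs raise instead of returning a boolean, so a configuration typo denies access at startup rather than silently widening it.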