Skip to content

Automatically link Kerberos users and LDAP people

Nick Thomas requested to merge (removed):1552-kerberos-ldap-auto-link into master

What does this MR do?

Automatically links users who log in via Kerberos to their LDAP person

Are there points in the code the reviewer needs to double check?

There are a number of caveats on the operation of this feature. In particular, the Kerberos realm must match the domain part of the LDAP user's distinguished name. This is documented, but I'm not clear on what percentage of installations meet this requirement.

We could make the mechanism configurable, and allow users to specify a custom LDAP field to look up the Kerberos principal from, but should this come as a follow-up MR in %9.5 or can it be left until later?

Why was this MR needed?

Much-requested customer feature

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #1552 (closed)

Edited by Nick Thomas

Merge request reports