Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Security] Ability to add roles in form_login_ldap by ldap group #52181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 10, 2025
Merged

[Security] Ability to add roles in form_login_ldap by ldap group #52181

merged 1 commit into from
Feb 10, 2025

Conversation

Spomky
Copy link
Contributor

@Spomky Spomky commented Oct 19, 2023
edited
Loading

Q A
Branch? 7.2
Bug fix? no
New feature? yes
Deprecations? no
Tickets Fix #51225
License MIT

This PR adds a way for setting roles in form_login_ldap based on LDAP configuration.
Please note that it is based on SF6.4, but may be changed to 7.1 if already in feature freeze period. => Rebased for targeting SF 7.1

  • Feature
  • Tests
  • Documentation

@Spomky Spomky requested a review from chalasr as a code owner October 19, 2023 16:08
@carsonbot carsonbot added this to the 6.4 milestone Oct 19, 2023
@fabpot fabpot modified the milestones: 6.4, 7.1 Oct 20, 2023
@OskarStark
Copy link
Contributor

Please note that it is based on SF6.4, but may be changed to 7.1 if already in feature freeze period.

Yes it will be for 7.1, but you can already rebase on and target 7.0 if you like

@Spomky Spomky force-pushed the features/ldap_roles branch from ea40f75 to 172a40a Compare October 20, 2023 16:22
@Spomky Spomky changed the base branch from 6.4 to 7.0 October 20, 2023 16:23
@Spomky Spomky force-pushed the features/ldap_roles branch 3 times, most recently from 2a66af5 to 840f533 Compare October 20, 2023 19:51
@Spomky Spomky force-pushed the features/ldap_roles branch from 840f533 to 211c52f Compare February 1, 2024 19:58
@Spomky Spomky changed the base branch from 7.0 to 7.1 February 1, 2024 19:58
@Spomky Spomky force-pushed the features/ldap_roles branch from 211c52f to 3c74d5f Compare February 1, 2024 19:59
@Spomky Spomky force-pushed the features/ldap_roles branch from 3c74d5f to db1771b Compare April 3, 2024 18:42
nicolas-grekas
nicolas-grekas reviewed Apr 3, 2024
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What would be the typical implementation for a role fetcher? Can we provide one that e.g. reads some conventional entries from the Entry?

@xabbuh xabbuh modified the milestones: 7.1, 7.2 May 15, 2024
@Spomky Spomky force-pushed the features/ldap_roles branch from 7e9df2c to bd83a8c Compare June 13, 2024 15:33
@MDeveloping
Copy link

MDeveloping commented Aug 23, 2024
edited
Loading

Did I understand this correct, that there will be an easy way, to read the memberOf of a LDAP User if logging in and than set a role?
Did I also understand it correct, that this will be available at Symphony 7.2 ad that a documentation is missing for now on Symfony Docs?

@OskarStark OskarStark changed the title [Security] Ability to add roles in form_login_ldap by ldap group [Security] Ability to add roles in form_login_ldap by ldap group Aug 25, 2024
@fabpot fabpot modified the milestones: 7.2, 7.3 Nov 20, 2024
@Spomky Spomky force-pushed the features/ldap_roles branch 3 times, most recently from cdd873f to 80eb8a3 Compare January 18, 2025 07:40
welcoMattic
welcoMattic approved these changes Feb 3, 2025
View reviewed changes
Copy link
Member

@welcoMattic welcoMattic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 minor comments, otherwise it's 👍 for me

@Spomky Spomky force-pushed the features/ldap_roles branch 2 times, most recently from 15aab3b to 5e8b1c7 Compare February 7, 2025 19:51
@Spomky
[Security] Ability to add roles in form_login_ldap by ldap group
b183e4a 
This update allows LDAP to fetch roles for a given user entry by using the new RoleFetcherInterface. The LdapUserProvider class has been adjusted to use this new functionality.
@Spomky Spomky force-pushed the features/ldap_roles branch from 5e8b1c7 to b183e4a Compare February 7, 2025 20:05
@Spomky Spomky requested a review from fabpot February 7, 2025 20:17
@fabpot
Copy link
Member

fabpot commented Feb 10, 2025

Thank you @Spomky.

@fabpot fabpot merged commit 4ecc160 into symfony:7.3 Feb 10, 2025
10 of 11 checks passed
@fabpot fabpot mentioned this pull request Feb 10, 2025
Closed
@fabpot fabpot mentioned this pull request May 2, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

@OskarStark OskarStark OskarStark left review comments

@fabpot fabpot fabpot approved these changes

@welcoMattic welcoMattic welcoMattic approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

@xabbuh xabbuh Awaiting requested review from xabbuh

@lyrixx lyrixx Awaiting requested review from lyrixx

@dunglas dunglas Awaiting requested review from dunglas

@yceruto yceruto Awaiting requested review from yceruto

@kbond kbond Awaiting requested review from kbond

@jderusse jderusse Awaiting requested review from jderusse

Assignees
No one assigned
Labels
Feature Security Status: Reviewed
Projects
None yet
Milestone
7.3
Development

Successfully merging this pull request may close these issues.

[Security] Ability to add roles in form_login_ldap by ldap group
8 participants
@Spomky @OskarStark @MDeveloping @fabpot @nicolas-grekas @welcoMattic @xabbuh @carsonbot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.