Add support for LDAP user profile attributes selection. #215
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Via new configuration option: `LDAP_USER_BY_NAME_ATTRS`, a value to pass through to the underlying LDAPjs library as the `attributes` option for `Users.getByUserName`. Current behaviour is maintained, select the default set of attributes, which equates to a null value for the option. To include operational attributes in addition to the defaults, use a list containing an asterisk (meaning defaults) and the operational attributes: `[ "*", "att1", "att2" ]` To include ALL attributes, defaults and operational: `[ "*", "+" ]` More generally, to select only specific attribute(s) (regular or operational), specify each in the list: `[ "att1", "att2" ]`
|
That'd be a helpful. Just ran into a similar issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Rationale
We have need for pulling in operational attributes which are not automatically brought in by LDAP searches, and require that they be specified explicitly in a query. In our case, we require an
entryUUIDLDAP attribute from our LDAP user records.We have implemented this feature more generically to allow selecting/pulling in arbitrary attributes, hooking into the underlying LDAPjs library facility to specify attributes to bring back.
This feature may also provide data transfer efficiency gains for some use cases where a very specific subset of attributes are required, and no more. However, existing behaviour to bring in defaults (all minus operational attributes) is maintained. More in the Change Details below.
For further context, we then map our required attribute in a custom
profileMapper.jsto be included in the Auth0 normalised user profile.No UI or API changes.
Change Details
Via new configuration option:
LDAP_USER_BY_NAME_ATTRS, a value to pass through to the underlying LDAPjs library as theattributesoption forUsers.getByUserName.Current behaviour is maintained, select the default set of attributes, which equates to a null value for the option.
To include operational attributes in addition to the defaults, use a list containing an asterisk (meaning defaults) and the operational attributes:
[ "*", "att1", "att2" ]To include ALL attributes, defaults and operational:
[ "*", "+" ]More generally, to select only specific attribute(s) (regular or operational), specify each in the list:
[ "att1", "att2" ]References
Testing
New test cases added to
test/users.unit.tests.jsdemonstrating the new configuration. Existing tests continue to work with the default configuration value.Checklist
master