Chef Ideas

Chef Server support for LDAP nested groups in group_dn

This has previously been captured in https://github.com/chef/chef-server/issues/153.

The ldap['group_dn'] is used to set the distinguished name for a group (see documentation https://docs.chef.io/server_ldap).
For example, for:
memberOf=CN=abcxyz,OU=users,DC=company,DC=com
we have:
ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com'

Is it also possible to authorize more than two different groups?
For example, for:
(|(memberOf=CN=abcxyz,OU=users,DC=company,DC=com)(memberOf=CN=defghi,OU=users,DC=company,DC=com))
  • Guest
  • Sep 1 2020
  • Currently Declined
  • Guest commented
    15 Apr, 2021 05:28pm

    This would be very helpful for several clients, many of which have been through M&A or have corporate divisions within AD that cause connection far up in the directory tree to reach a common group dn. Allowing multiple group DNs via an array would allow for the search to be conducted at a potentially much lower level in the directory tree.
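
The filter shape asked for in the request above, as an added example that is not part of the original post or comment and is not Chef Server code or a supported Chef Server setting. It builds the OR-of-memberOf filter from a list of group DNs with RFC 4515 escaping; the helper names are hypothetical, and the nested option assumes Active Directory, whose LDAP_MATCHING_RULE_IN_CHAIN OID it uses.

```ruby
# Added example: builds an LDAP search filter that matches members of any of
# several groups. Helper names are hypothetical; nothing here is a Chef API.

# Characters that RFC 4515 requires to be escaped inside a filter value.
FILTER_ESCAPES = {
  "\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\x00" => "\\00"
}.freeze

# Active Directory only: matching rule that follows nested group membership.
AD_IN_CHAIN = "1.2.840.113556.1.4.1941"

# Escape a value so a DN containing filter metacharacters cannot change
# the structure of the filter it is placed in.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| FILTER_ESCAPES[c] }
end

# One (memberOf=<dn>) clause; with nested: true, the AD in-chain form.
def member_of_clause(group_dn, nested: false)
  attr = nested ? "memberOf:#{AD_IN_CHAIN}:" : "memberOf"
  "(#{attr}=#{escape_filter_value(group_dn)})"
end

# OR the clauses together. A single group needs no (|...) wrapper, and an
# empty list is rejected instead of producing a filter that matches everyone.
def any_group_filter(group_dns, nested: false)
  dns = group_dns.map(&:strip).reject(&:empty?).uniq
  raise ArgumentError, "at least one group DN is required" if dns.empty?
  clauses = dns.map { |dn| member_of_clause(dn, nested: nested) }
  clauses.length == 1 ? clauses.first : "(|#{clauses.join})"
end

# Constructed sample input: the two group DNs quoted in the request.
GROUPS = [
  "CN=abcxyz,OU=users,DC=company,DC=com",
  "CN=defghi,OU=users,DC=company,DC=com"
].freeze

if __FILE__ == $PROGRAM_NAME
  puts any_group_filter(GROUPS)
  puts any_group_filter(GROUPS, nested: true)
end
```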