You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's a boundary case that isn't handled cleanly, which is when allowed_groups is configured but the user attempting to authenticate isn't defined in any specific AD groups at all. In this case 'memberof' isn't defined in the returned Net::LDAP::Entry object. I know little about AD administration so I'm not sure how likely this is in practice, but I just hit it while testing against an internal dev AD instance.
Ideally of course, the behavior should be the same -- if you're not a member of any groups, then you're not a member of the allowed group(s) and authentication is denied.
The text was updated successfully, but these errors were encountered:
There's a boundary case that isn't handled cleanly, which is when
allowed_groupsis configured but the user attempting to authenticate isn't defined in any specific AD groups at all. In this case 'memberof' isn't defined in the returned Net::LDAP::Entry object. I know little about AD administration so I'm not sure how likely this is in practice, but I just hit it while testing against an internal dev AD instance.Ideally of course, the behavior should be the same -- if you're not a member of any groups, then you're not a member of the allowed group(s) and authentication is denied.
The text was updated successfully, but these errors were encountered: