Enable bound CIDRs for LDAP and Kerberos groups and users #26463

Open
nmasur opened this issue Apr 17, 2024 · 0 comments

nmasur commented Apr 17, 2024

Is your feature request related to a problem? Please describe.

Bound CIDRs can be defined for entities, groups, and backend roles, but this same security feature cannot be defined for LDAP or Kerberos groups and/or users. It doesn't seem to me like this limitation should be there.

Describe the solution you'd like

Enable the "common token arguments" used in backend roles for LDAP: token_ttl, token_max_ttl, token_period, token_policies, token_bound_cidrs, token_explicit_max_ttl, token_no_default_policy, token_num_uses, token_type.

Describe alternatives you've considered

We could try to use a Sentinel policy on the given policy to restrict access by IP address.

Explain any additional use-cases

None.

Additional context

It seems strange that other resources would have this security feature but not LDAP.
