Feature Request: Copy User Group Custom Mappings between LDAP configurations
We like to have a backup LDAP configuration available for our LDAP authentication in Cerberus.
When creating a new configuration, none of the current User Group Custom Mappings are carried over. This requires us to recreate every Custom Mapping on the backup LDAP server.
It would be great if you could copy the current Group Mappings to a new LDAP Server Configuration, or even sync these mappings to both/multiple LDAP configurations.
-
Hello Joseph,
Currently, you can utilize either server synchronization, or the settings import/export functionality to copy LDAP settings and mappings to a new configuration. If this wasn't what you were looking to do, could you provide a use case, along with the following bullet points? These help us and our product team prioritize feature requests efficiently.
- What is the problem that this feature would fix?
- Why is it a problem?
- Is there a workaround you currently have for this problem?
- Do you have a suggestion on how you would like to see the problem fixed?
- How big is the problem? Who is affected by this problem (End Users, Admins, etc.)?
-
Hi Connor, the issue is not regarding syncing between Cerberus Servers, but the configuration of a second LDAP Server in the Cerberus Admin Console.
- Problem:
  - In Cerberus Admin Console LDAP Configuration: LDAP Server #1 (1.1.1.1) goes offline, LDAP Server #2 (2.2.2.2) is online but has not been configured with Custom Group Mappings.
  - Authentication Policy tries to authenticate to 1.1.1.1, fails, moves on to 2.2.2.2, authenticates successfully, but gives every user default group access with no Custom Mappings present.
  - It is a problem because the 100s of custom mappings that were created on 1.1.1.1 are not present for 2.2.2.2.
- Workaround:
  - Edit the 1.1.1.1 server configuration to point to the 2.2.2.2 server; this keeps the custom mappings and routes traffic to the secondary server.
- Suggestion:
  - Provide an option to copy existing mappings to a second LDAP Configuration or an active sync between the 2 configurations.
- Impact:
  - It affected all end users: when our LDAP #1 went down and the login policy used LDAP2 to log in, all group access was gone for LDAP authenticated users. Admin was affected by having to manually recreate all custom mappings on LDAP #2.
-
Thanks so much for the clarification and supporting details, Joseph! I will get this over to our product team for their review and scoping. If we need any other details, we will reach out either through this thread, or a ticket.