Is your feature request related to a problem?
Please add an optional LDAP Provider setting to expose effective group membership for users, including parent groups from Authentik group hierarchy.
Example:
vpn-users
└── devops
└── ivan
ivan is directly in devops, but effectively also in vpn-users. LDAP clients that only read memberOf may only see devops.
Describe the solution you'd like
Desired output, either in memberOf:
memberOf = [group.name for group in request.user.all_groups()]
memberOf: cn=devops,ou=groups,dc=ldap,dc=goauthentik,dc=io
memberOf: cn=vpn-users,ou=groups,dc=ldap,dc=goauthentik,dc=io
or in a separate attribute:
effectiveMemberOf: cn=devops,ou=groups,dc=ldap,dc=goauthentik,dc=io
effectiveMemberOf: cn=vpn-users,ou=groups,dc=ldap,dc=goauthentik,dc=io
Describe alternatives that you've considered
Wrote script that modify each user with effectiveMemberOf attribute with all the group Hierarchy
Additional context
Expose effectiveMemberOf: - disabled - enabled
Is your feature request related to a problem?
Please add an optional LDAP Provider setting to expose effective group membership for users, including parent groups from Authentik group hierarchy.
Example:
ivan is directly in devops, but effectively also in vpn-users. LDAP clients that only read memberOf may only see devops.
Describe the solution you'd like
Desired output, either in memberOf:
memberOf = [group.name for group in request.user.all_groups()]
or in a separate attribute:
Describe alternatives that you've considered
Wrote script that modify each user with effectiveMemberOf attribute with all the group Hierarchy
Additional context
Expose effectiveMemberOf: - disabled - enabled