I have recently been trying to configure a connection between the LDAP server that we use for storing user credentials and the fabric-ca server. In our configuration, we are using NodeOUs to determine user permissions - when not using LDAP, and registering with the ca directly, we set this using the -type flag set to one of admin, peer, client or orderer. However, it seems that when using LDAP configuration, the user is always set to a default of type client, which cannot be changed through any LDAP attributes or API calls.
This makes the LDAP configuration with the ca unusable if you want to have any sort of policies set up requiring type admin/peer/orderer, as the certificate always identifies it as type client. Here is a link to a stackoverflow post where they had the same issue, for added context on the issue - https://stackoverflow.com/questions/63834220/set-admin-role-for-an-ldap-user-in-hyperledger-fabric-ca.
I'm pretty sure that this can easily be fixed by just editing the file fabric-ca/lib/server/ldap/client.go, specifically the getType function on line 342 - just adding an attribute lookup in LDAP for an attribute Type or something similar, and then if that value exists return it, otherwise still defaulting to client.
If there is a way to set the type of a user when getting the details from LDAP, please let me know!
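The lookup proposed above, written out as an added example (not part of the original issue and not fabric-ca code): `resolveType`, the `fabricType` attribute name and the sample entries are assumptions. It accepts only the four types named in the issue and fails closed on anything else, so a value written to the directory cannot become an arbitrary type in an issued certificate.

```go
package main

import (
	"fmt"
	"strings"
)

// defaultType is the type the issue reports for every LDAP-backed user.
const defaultType = "client"

// allowedTypes are the four identity types named in the issue; nothing else is accepted.
var allowedTypes = map[string]bool{"admin": true, "peer": true, "client": true, "orderer": true}

// resolveType (hypothetical helper) derives the identity type from an LDAP entry.
// attrs maps attribute name to values; typeAttr is an assumed, operator-chosen
// attribute name, matched case-insensitively as LDAP attribute names are.
func resolveType(attrs map[string][]string, typeAttr string) (string, error) {
	var vals []string
	for name, v := range attrs {
		if strings.EqualFold(name, typeAttr) {
			vals = append(vals, v...)
		}
	}
	switch len(vals) {
	case 0:
		return defaultType, nil // attribute absent: keep the current default
	case 1:
		t := strings.ToLower(strings.TrimSpace(vals[0]))
		if !allowedTypes[t] {
			return "", fmt.Errorf("attribute %q has unsupported type %q", typeAttr, vals[0])
		}
		return t, nil
	default:
		// Ambiguous entries fail closed rather than picking the most privileged value.
		return "", fmt.Errorf("attribute %q has %d values, expected 1", typeAttr, len(vals))
	}
}

func main() {
	// Constructed sample entries, not taken from a real directory.
	entries := []map[string][]string{
		{"uid": {"alice"}, "fabricType": {"Admin"}},
		{"uid": {"bob"}},
		{"uid": {"eve"}, "fabricType": {"root"}},
	}
	for _, e := range entries {
		t, err := resolveType(e, "fabrictype")
		fmt.Println(e["uid"][0], t, err)
	}
}
```

Because the type ends up in the certificate that NodeOU policies evaluate, write access to the chosen attribute should be restricted in the directory to the same people who are allowed to register admin, peer or orderer identities.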