Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FR] Autoprovision groups based on userinfo #300

Open
bcskda opened this issue Jul 16, 2023 · 4 comments · May be fixed by #325
Open

[FR] Autoprovision groups based on userinfo #300

bcskda opened this issue Jul 16, 2023 · 4 comments · May be fixed by #325

Comments

@bcskda
Copy link

bcskda commented Jul 16, 2023

Hello

Currently autoprovisioning adds new users to a configuration-defined set of groups:

'auto-provision' => [
  'groups': ['employees']
]

Would you be interested in managing user's groups based on a userinfo claim?
E.g., add a configuration option 'auto-provision' => [ 'groups-claim': 'groups' ]
Then, if configured,

  • treat the userinfo claim as a list of gid's
  • add the user to specified groups that exist
  • remove the user from extra ones

For current 'groups' => ['employees'] configurations, keep the same logic "add during user creation"

Both scenarios would be available and interchangeable:

  • groups -> groups-claim transition would require administrators to configure their IdP and update existing user profiles on IdP side
  • groups-claim -> groups transition would disable groups synchronization for existing profiles and work as expected for new profiles

The groups and groups-claim should probably be mutually exclusive

Are there any concerns with LDAP integration or any other source of group membership?

In case this is ok, I am willing to implement

@bcskda
Copy link
Author

bcskda commented Aug 26, 2023

@alex-metcalfe-358
Copy link

Is this implemented in the current release?

@danthonywalker
Copy link

danthonywalker commented Aug 23, 2024

Anyway, this seems to work in our environment. Feel free to apply

https://gitlab.com/fpmi/owncloud-openidconnect/-/compare/8160194b3115717520dd695d89813c32234cc018...master?from_project_id=47930992&straight=false

Has this been merged into this project?

@DeepDiver1975
Copy link
Member

Has this been merged into this project?

no pull request - no merge 🤷

@bcskda bcskda linked a pull request Sep 29, 2024 that will close this issue
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants