Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Label desktops based on the content of LDAP attributes #13028

Merged
merged 3 commits into from
Jun 7, 2022
Merged

Label desktops based on the content of LDAP attributes #13028

merged 3 commits into from
Jun 7, 2022

Conversation

zmb3
Copy link
Collaborator

@zmb3 zmb3 commented May 31, 2022
edited
Loading

This allows users to configure an optional set of LDAP attributes
which will be included in all LDAP queries. Teleport uses these
attributes when labeling desktops.

We use the ldap/ label prefix to align with how the EC2 labels use an aws/ prefix.

Updates #12326

@zmb3 zmb3 force-pushed the zmb3/desktop-labeling branch 2 times, most recently from 12d8de4 to 70a2615 Compare June 1, 2022 21:49
@zmb3
Copy link
Collaborator Author

zmb3 commented Jun 1, 2022

Here's an example with the following config:

discovery:
  base_dn: '*'
  label_attributes:
  - logonCount

image

@zmb3 zmb3 force-pushed the zmb3/desktop-labeling branch from 70a2615 to 0b2f29a Compare June 1, 2022 21:53
@zmb3 zmb3 marked this pull request as ready for review June 1, 2022 21:53
@zmb3 zmb3 removed the request for review from xinding33 June 1, 2022 21:55
ptgott
ptgott approved these changes Jun 2, 2022
View reviewed changes
docs/pages/desktop-access/rbac.mdx Outdated Show resolved Hide resolved
docs/pages/desktop-access/rbac.mdx Outdated Show resolved Hide resolved
docs/pages/desktop-access/rbac.mdx Outdated Show resolved Hide resolved
docs/pages/desktop-access/rbac.mdx Outdated Show resolved Hide resolved
docs/pages/desktop-access/rbac.mdx Outdated Show resolved Hide resolved
@zmb3 zmb3 force-pushed the zmb3/desktop-labeling branch from 0b2f29a to dc00f35 Compare June 2, 2022 21:01
@zmb3
Label desktops based on the content of LDAP attributes
13a997b 
This allows users to configure an optional set of LDAP attributes
which will be included in all LDAP queries. Teleport uses these
attributes when labeling desktops.

Updates #12326
@zmb3 zmb3 force-pushed the zmb3/desktop-labeling branch from dc00f35 to 13a997b Compare June 7, 2022 13:23
@zmb3 zmb3 requested a review from atburke June 7, 2022 13:25
@zmb3
Copy link
Collaborator Author

zmb3 commented Jun 7, 2022

@atburke requested your review since this is very similar to the EC2 labels work you did.

espadolini
espadolini approved these changes Jun 7, 2022
View reviewed changes
lib/srv/desktop/discovery.go Outdated Show resolved Hide resolved
lib/srv/desktop/windows_server.go
@@ -164,6 +164,9 @@ type WindowsServiceConfig struct {
// Windows Desktops. If multiple filters are specified, they are ANDed
// together into a single search.
DiscoveryLDAPFilters []string
// DiscoveryLDAPAttributeLabels are optional LDAP attributes to convert
// into Teleport labels.
DiscoveryLDAPAttributeLabels []string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe DiscoveryLDAPLabelAttributes to match the field name in the discovery configuration?

@zmb3 zmb3 enabled auto-merge (squash) June 7, 2022 14:23
@zmb3 zmb3 merged commit e7feac4 into master Jun 7, 2022
@github-actions
Copy link

github-actions bot commented Jun 7, 2022

@zmb3 See the table below for backport results.

Branch Result
branch/v9 Create PR

@zmb3 zmb3 mentioned this pull request Jun 7, 2022
Merged
@zmb3 zmb3 deleted the zmb3/desktop-labeling branch June 7, 2022 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptgott ptgott ptgott approved these changes

@LKozlowski LKozlowski LKozlowski approved these changes

@espadolini espadolini espadolini approved these changes

@r0mant r0mant Awaiting requested review from r0mant

@timothyb89 timothyb89 Awaiting requested review from timothyb89

@atburke atburke Awaiting requested review from atburke

Assignees
No one assigned
Labels
desktop-access documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zmb3 @espadolini @LKozlowski @ptgott