I looked at the ACLs section in cluster config but it didn’t do what I wanted. A real user (without home dir set up on cluster) could still provide correct credentials and then have an issue because their home dir doesn’t exist (p.s. how can you log out when you get this issue? Just clear cookies/cache for the page?). How can I filter at the login page?
^ Cluster Config Schema v2 — Open OnDemand 3.1.0 documentation
Yea if you want to restrict logins to specific LDAP groups you likely need to configure the same in apache and/or on your identity provider. You should be able to add Require group X directives in the auth section of your ood_portal.yml.
Hmm I couldn’t get this working. It looked like I need to enable a further ldap apache module to use ldap groups? Just ‘Require group’ didn’t work and gave an apache error. Instead I set a custom search filter in the dex config, so users who don’t have a certain attribute wouldn’t be found. This isn’t ideal but it works.
Yea it should have been Require group abc123 if you wanted to limit to the group abc123.
But yea LDAP filters should work just fine. Sounds good to me, I mean that’s what they’re there for, I think.
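
The Dex search-filter approach described in this thread, sketched as an added example; it is not taken from the posts above or from the Open OnDemand project. The host, bind account, base DNs and the use of a memberOf attribute are assumptions (memberOf only exists if the directory maintains it); abc123 is the group name used in the thread.

```yaml
# ood_portal.yml (fragment): Dex LDAP connector with a restricted user search.
# All hostnames, DNs and the bind account below are constructed placeholders.
dex:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: ldap.example.edu:636
        insecureSkipVerify: false
        bindDN: cn=ood-bind,ou=Service,dc=example,dc=edu
        bindPW: REPLACE_WITH_BIND_PASSWORD
        userSearch:
          baseDN: ou=People,dc=example,dc=edu
          # Unrestricted form: any posixAccount with valid credentials
          # can authenticate, including users with no home directory
          # on the cluster.
          # filter: "(objectClass=posixAccount)"
          #
          # Restricted form: the entry must also carry the required
          # attribute, otherwise Dex does not find the user and the
          # login is refused before the dashboard is reached.
          # Assumption: the directory populates memberOf.
          filter: "(&(objectClass=posixAccount)(memberOf=cn=abc123,ou=Groups,dc=example,dc=edu))"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: gecos
          preferredUsernameAttr: uid
```

After editing ood_portal.yml, regenerate the portal configuration and restart Apache and the Dex service so the new filter takes effect.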