Forum Discussion

matthewrabey's avatar
matthewrabey
New Contributor
4 months ago

LDAP User sorted into correct Organization

I manage an On-Prem SwaggerHub installation that handles a multi-tenant environment.  We've synced our OpenLDAP server to SwaggerHub to ensure our users can have a single source for their login across all of our services.  We support multiple organizations within our ecosystem and as such have typically separated out each team into their own organization (on tools such as Github, Harbor, etc).

However, the issue I'm running into is that new users signing onto SwaggerHub are placed into the default Organization even though the Group Filter is setup to read their Groups from LDAP.  Does SwaggerHub support the ability to have users automatically added (upon first-time login) to the SwaggerHub Organization that matches a group to which they have membership?

For example, we have two users:

User: bob

User: jill

User `bob` is a member of the `foo` group on LDAP, while user `jill` is a member of the `bar` group.  We have two organizations on the SwaggerHub On-Prem instance that match these group names: `foo` and `bar` organizations.  For clarity, the `foo` organization was the initial organization created during SwaggerHub install.  When `bob` first signs on, they will be assigned to the `foo` organization as expected.  However, when `jill` first signs on, they are assigned to the `foo` organization as well.

Does SwaggerHub support the ability to assign `jill` to the `bar` organization during initial login?

  • matthewrabey's avatar
    matthewrabey
    New Contributor
    4 months ago

    Another way to state the question is:

    Does SwaggerHub support the ability to map a SwaggerHub Organization to an LDAP group?

  • Maximilian's avatar
    Maximilian
    Occasional Contributor
    2 months ago

    In your scenario with SwaggerHub and its integration with OpenLDAP for user management, it seems like you're looking for a more dynamic way to manage user organization assignments based on LDAP group memberships during the initial login process.

    Overview of the Current Situation

    From what you’ve described:

    • Users like bob and jill are in specific LDAP groups (e.g., foo and bar).
    • SwaggerHub currently assigns new users to the default organization upon their first login, regardless of their LDAP group memberships.

    Understanding SwaggerHub's User Management

    As of the latest updates, SwaggerHub does have features for managing organizations and groups but might not automatically assign users to organizations based solely on their LDAP group memberships during the first login. The behavior you’re experiencing—where users default to a specific organization—suggests that while the group filtering is correctly set up, the initial assignment logic may not be configured to reflect the desired outcome.