LDAP authentication and Prohibit copy-and-paste

I downloaded the latest Teleport (ver. 4.2.3) and built a local environment (on VirtualBox, OS CentOS 7); normal operation was confirmed.
Also, I have read through the administration document (“https://gravitational.com/teleport/docs/admin-guide/”),
but please tell me about some of the Teleport settings.

Question 1: Can I use local LDAP authentication?
I read that OSS Teleport can use local and GitHub. OSS Teleport can’t use OpenLDAP auth?
Can Enterprise Teleport use OpenLDAP authentication?

Question 2: Prohibit copy-and-paste on console
If I log in via a browser on the Proxy server and connect to the Node server on the browser,
can I prohibit copying and pasting of the character string entered on the console?

Question 3: How to hide the “download and upload button”
Where is the setting to hide (disable) the File upload and File download buttons
displayed in the lower left of the console on the browser?

Thank you for your help.

No, neither Teleport OSS nor Teleport Enterprise supports direct integration with LDAP. Teleport Enterprise must be connected via SAML or OIDC.

Some of our customers use services like dex or Keycloak to connect to their internal LDAP servers and provide an OIDC interface for Teleport to use.

This isn’t currently possible with Teleport. It would likely be possible to implement in the web interface (although it could be counteracted by interaction with the JavaScript console) but would be impossible to implement for the tsh client.

Regardless, if this is a feature you’d like to see, please feel free to raise a feature request at https://github.com/gravitational/teleport/issues

There is currently no way to hide these buttons with Teleport or disable the tsh scp functionality. If this is a feature you’d like to see, please feel free to raise a feature request at https://github.com/gravitational/teleport/issues

On a general note regarding your above requests for limiting access - Teleport’s current goal is to enable auditing of user activity, rather than attempting to prevent users from doing things in the first place. No matter what you do, there are always ways that a competent user will be able to work around restrictions. As such, Teleport is more focused on providing a full session log containing details such as connection times, usernames and paths to files uploaded/downloaded. In addition, with Teleport 4.2 we added enhanced session recording capabilities which can give much deeper insight into what users are doing.
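The dex arrangement mentioned in the answer above (LDAP behind an OIDC interface that Teleport Enterprise consumes), sketched as an added example that is not part of the original thread or Teleport's own documentation. All hostnames, DNs, group and role names are assumptions, the secrets are placeholders, and only the relevant fragment of the dex config is shown.

```yaml
# --- dex config.yaml (fragment): LDAP connector plus a client entry for Teleport ---
issuer: https://dex.example.com            # assumed dex URL
connectors:
- type: ldap
  id: ldap
  name: OpenLDAP
  config:
    host: ldap.example.com:636             # LDAPS; assumed host
    rootCA: /etc/dex/ldap-ca.pem           # verify the LDAP server certificate
    bindDN: cn=dex,ou=services,dc=example,dc=com   # read-only service account (assumed)
    bindPW: "<BIND_PASSWORD>"              # placeholder
    userSearch:
      baseDN: ou=people,dc=example,dc=com
      filter: "(objectClass=inetOrgPerson)"
      username: uid                        # attribute matched against the login name
      idAttr: uid
      emailAttr: mail
      nameAttr: cn
    groupSearch:                           # group membership becomes the "groups" claim
      baseDN: ou=groups,dc=example,dc=com
      filter: "(objectClass=groupOfNames)"
      userMatchers:
      - userAttr: DN
        groupAttr: member
      nameAttr: cn
staticClients:
- id: teleport
  name: Teleport
  secret: "<CLIENT_SECRET>"                # placeholder, shared with the connector below
  redirectURIs:
  - https://teleport.example.com:3080/v1/webapi/oidc/callback
---
# --- Teleport Enterprise OIDC connector resource (loaded with tctl create) ---
kind: oidc
version: v2
metadata:
  name: dex
spec:
  issuer_url: https://dex.example.com      # must match dex's issuer exactly
  client_id: teleport
  client_secret: "<CLIENT_SECRET>"
  redirect_url: https://teleport.example.com:3080/v1/webapi/oidc/callback
  display: Dex
  scope: [email, groups]                   # "groups" is needed for dex to emit group claims
  claims_to_roles:                         # map an LDAP group to a Teleport role
  - claim: groups
    value: teleport-admins                 # assumed LDAP group name
    roles: [admin]
```

Keeping the bind account read-only and mapping only named LDAP groups to roles limits what a compromised dex instance or a mis-scoped group search can grant.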

Thank you, gus.
I understood the current situation.
I would like to consider a little based on the content.
Thank you for your support.

You’re welcome. Let us know if there’s anything else we can help with.