LDAP group mapping: stringwise comparison fails due to different DN formats #1790
LDAP group mapping is a very appreciated feature for us. Thanks for implementing it!
This is what the trace shows:
In LdapConnector.findGroups, the DN of ldapEntry is compared stringswise with each member attribute of a group:
Since org.apache.directory.api.ldap.model.name.Dn.getName() returns a string where RDNs are separated by comma and whitespace, the strings do not match although the DNs are semantically equal.
According to RFC 2253, whitespaces are allowed between RDNs while RFC 4514 defines the string representation without whitespaces. So maybe you could remove whitespaces from the strings before comparing them by something like
PS: We are using Graylog 1.3.3
The text was updated successfully, but these errors were encountered:
Normalize the DN before comparing the strings to avoid mapping problems if the DNs have different whitespace formatting. Fixes #1790