Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve compatibility with different LDAP schemas #1494

Merged
merged 6 commits into from Oct 21, 2015
Merged

Improve compatibility with different LDAP schemas #1494

merged 6 commits into from Oct 21, 2015

Conversation

@bernd
Copy link
Member

@bernd bernd commented Oct 19, 2015

Improve the auto detection of the member attribute to support more LDAP setups out there. The member attribute should be configurable, but this will be done as a feature addition in the future because it's too much code for the stable release.

Also support posixGroup groups by checking for the memberUid attribute. The memberUid references a UID instead of a DN so we have to compare it against the UID of the LDAP entry.

Refs #1433

bernd added 3 commits Oct 19, 2015
Check the entry object for "uniqueMember" and "member" attributes if we
cannot determine the correct member attribute from the object class.

The member attribute should be configurable eventually. Until that can
be done, this fix should improve the situation.

Refs #1433
The memberUid attribute of a posixGroup does not contain the DN of the
LDAP object but the UID. Check against the ldap entry UID if the DN
match didn't work.

Refs #1433
@bernd
Copy link
Member Author

@bernd bernd commented Oct 20, 2015

I am currently working on some LDAP tests.

bernd added 2 commits Oct 20, 2015
Using an embedded ApacheDS server and the apacheds-test-framework.
This unbreaks posixGroup lookup for users.
@LoadSchema(name = "nis", enabled = true)
}
)
@ApplyLdifs(

This comment has been minimized.

@joschi

joschi Oct 21, 2015
Contributor

Could we replace this with @ApplyLdifFiles so that the LDIF could also be easily applied to another LDAP server? It also makes the test class look less convoluted.

This comment has been minimized.

@bernd

bernd Oct 21, 2015
Author Member

Done.

@joschi
Copy link
Contributor

@joschi joschi commented Oct 21, 2015

LGTM. 👍

joschi added a commit that referenced this pull request Oct 21, 2015
Improve compatibility with different LDAP schemas
@joschi joschi merged commit c9f2ebf into 1.2 Oct 21, 2015
3 checks passed
3 checks passed
@garybot2
ci Jenkins build graylog2-server-integration-pr 297 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
@joschi joschi deleted the issue-1433 branch Oct 21, 2015
joschi added a commit that referenced this pull request Oct 21, 2015
Improve compatibility with different LDAP schemas
(cherry picked from commit c9f2ebf, refs #1433)
joschi added a commit that referenced this pull request Oct 21, 2015
Improve compatibility with different LDAP schemas
(cherry picked from commit c9f2ebf, refs #1433)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants