Improve compatibility with different LDAP schemas #1494

Merged
merged 6 commits into from Oct 21, 2015

2 participants
@bernd
Member

bernd commented Oct 19, 2015

Improve the auto detection of the member attribute to support more LDAP setups out there. The member attribute should be configurable, but this will be done as a feature addition in the future because it's too much code for the stable release.

Also support posixGroup groups by checking for the memberUid attribute. The memberUid references a UID instead of a DN so we have to compare it against the UID of the LDAP entry.

Refs #1433

bernd added some commits Oct 19, 2015

Improve auto detection of the LDAP member attribute
Check the entry object for "uniqueMember" and "member" attributes if we
cannot determine the correct member attribute from the object class.

The member attribute should be configurable eventually. Until that can
be done, this fix should improve the situation.

Refs #1433

Add support for posixGroup groups with memberUid attributes
The memberUid attribute of a posixGroup does not contain the DN of the
LDAP object but the UID. Check against the LDAP entry UID if the DN
match didn't work.

Refs #1433
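
The lookup order described in the pull request text and commit messages above, as an added Java illustration that is not Graylog's own code: pick the member attribute from the object class, fall back to whichever attribute is present, and compare memberUid values against the entry's UID rather than its DN. Entries are modelled as plain maps; the class and method names, the object-class table and the simplified DN normalization (no handling of escaped characters) are assumptions.

```java
import java.util.*;
public class GroupMembership {
    // Hypothetical table: group objectClass (lower-cased) -> member attribute.
    static final Map<String, String> MEMBER_ATTR = Map.of(
        "groupofnames", "member",
        "groupofuniquenames", "uniqueMember",
        "posixgroup", "memberUid");
    // Prefer the attribute implied by the objectClass; otherwise use whichever is present.
    static String memberAttribute(Map<String, List<String>> group) {
        for (String oc : group.getOrDefault("objectClass", List.of())) {
            String attr = MEMBER_ATTR.get(oc.toLowerCase(Locale.ROOT));
            if (attr != null && group.containsKey(attr)) return attr;
        }
        for (String attr : List.of("uniqueMember", "member", "memberUid")) {
            if (group.containsKey(attr)) return attr;
        }
        return null;
    }

    // Simplified DN normalization (assumption): lower-case, drop spaces around ',' and '='.
    static String normalizeDn(String dn) {
        return dn.trim().toLowerCase(Locale.ROOT).replaceAll("\\s*([,=])\\s*", "$1");
    }

    static boolean isMember(Map<String, List<String>> group, String userDn, String userUid) {
        String attr = memberAttribute(group);
        if (attr == null) return false;
        for (String value : group.get(attr)) {
            if (attr.equals("memberUid")) {
                // posixGroup stores the bare UID, so a DN comparison can never match here.
                if (userUid != null && value.equals(userUid)) return true;
            } else if (normalizeDn(value).equals(normalizeDn(userDn))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample entries, not taken from the project's test LDIF.
        Map<String, List<String>> posix = Map.of("objectClass", List.of("posixGroup"), "memberUid", List.of("jdoe"));
        Map<String, List<String>> names = Map.of("objectClass", List.of("top"),
            "member", List.of("uid=jdoe, ou=People, dc=example, dc=com"));
        String dn = "uid=jdoe,ou=people,dc=example,dc=com";
        System.out.println("posixGroup, uid fetched:     " + isMember(posix, dn, "jdoe"));
        System.out.println("posixGroup, uid not fetched: " + isMember(posix, dn, null));
        System.out.println("member attribute fallback:   " + isMember(names, dn, "jdoe"));
    }
}
```

The second call shows why the user's uid has to be read along with the DN: without it, no posixGroup membership can be established and any role mapping based on that group silently does not apply.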

@bernd bernd added this to the 1.2.2 milestone Oct 19, 2015

@bernd bernd removed the ready-for-review label Oct 20, 2015

@bernd


Member

bernd commented Oct 20, 2015

I am currently working on some LDAP tests.

bernd added some commits Oct 20, 2015

Start adding LDAP tests
Using an embedded ApacheDS server and the apacheds-test-framework.

Also get "uid" attribute for the LdapEntry
This unbreaks posixGroup lookup for users.

@LoadSchema(name = "nis", enabled = true)
}
)
@ApplyLdifs(


@joschi

joschi Oct 21, 2015

Contributor

Could we replace this with @ApplyLdifFiles so that the LDIF could also be easily applied to another LDAP server? It also makes the test class look less convoluted.


@bernd

bernd Oct 21, 2015

Member

Done.

@joschi


Contributor

joschi commented Oct 21, 2015

LGTM. 👍

joschi added a commit that referenced this pull request Oct 21, 2015

Merge pull request #1494 from Graylog2/issue-1433
Improve compatibility with different LDAP schemas

@joschi joschi merged commit c9f2ebf into 1.2 Oct 21, 2015

3 checks passed

ci Jenkins build graylog2-server-integration-pr 297 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@joschi joschi deleted the issue-1433 branch Oct 21, 2015

joschi added a commit that referenced this pull request Oct 21, 2015

Merge pull request #1494 from Graylog2/issue-1433
Improve compatibility with different LDAP schemas
(cherry picked from commit c9f2ebf, refs #1433)
