Commit
Expand capabilities of ldap.groupMemberPattern
Previously, the pattern supported a limited set of variables that were either accidentally available (due to their use in other queries) or hard-coded (e.g., `username` is a special-case that was added). Furthermore, the documentation made reference to being able to use variables such as `${uidNumber}` even though they are not actually supported (since `uidNumber` is normally never queried). Under the default RFC 2307 configuration of LDAP, the only variables available were `displayName`, `mail`, `uid`, and `username` (it's noteworthy that `username` was added as a special-case due to the default `groupMemberPattern` containing `${username}` even though `username` is substituted by Gerrit and not LDAP).

This changeset removes the artificial restrictions on the attributes used in the `groupMemberPattern`. Any variable is assumed to originate from the account, but `username` is still overridden and provided by Gerrit (as before).

This allows more expressive patterns, which allows us to fix an outstanding bug in group matching. Previously, a user whose `gidNumber` matched the group's `gidNumber` would not have been included in the group. This changeset updates the default `groupMemberPattern` to account for this issue by adding the additional case of `(gidNumber=${gidNumber}`.

Bug: Issue 2054
Change-Id: Iff3a14c569a10c1ef693b672f4710fb6f2f8d9a6
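The substitution described in the commit message, as an added Python sketch (not Gerrit's code): `${var}` is filled from the account entry, `username` is always supplied by the caller, and each value is escaped per RFC 4515 before it enters the filter. The two pattern strings are assumed forms of the RFC 2307 default before and after the change; the function names, the escaping and fail-closed choices, the toy matcher and the sample entries are all constructed for illustration.

```python
import re

# Assumed forms of the RFC 2307 default pattern before and after the change.
OLD_DEFAULT = "(memberUid=${username})"
NEW_DEFAULT = "(|(memberUid=${username})(gidNumber=${gidNumber}))"

_VAR = re.compile(r"\$\{([^}]+)\}")
_LEAF = re.compile(r"\(([^=()|&!]+)=([^()]*)\)")
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter assertion (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))

def account_attributes_needed(pattern):
    """Attributes that must be read from the account entry for this pattern."""
    return {name for name in _VAR.findall(pattern) if name != "username"}

def expand_pattern(pattern, account, username):
    """Fill ${var} from the account entry; username always comes from the caller."""
    values = dict(account)
    values["username"] = username  # overrides any LDAP attribute of that name
    def fill(match):
        name = match.group(1)
        if name not in values:
            raise KeyError("account has no attribute %r" % name)  # fail closed
        return escape_filter_value(values[name])
    return _VAR.sub(fill, pattern)

def groups_matching(ldap_filter, groups):
    """Toy matcher: handles a single equality leaf or an OR of equality leaves."""
    def unescape(v):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)
    leaves = [(attr, unescape(v)) for attr, v in _LEAF.findall(ldap_filter)]
    return [g["cn"] for g in groups
            if any(v in g.get(attr, []) for attr, v in leaves)]

# Constructed sample data: alice's primary group "staff" lists her only by gidNumber.
ACCOUNT = {"uid": "alice", "gidNumber": "5000", "mail": "alice@example.com"}
GROUPS = [
    {"cn": "staff", "gidNumber": ["5000"], "memberUid": ["bob"]},
    {"cn": "dev", "gidNumber": ["5001"], "memberUid": ["alice", "bob"]},
    {"cn": "ops", "gidNumber": ["5002"], "memberUid": ["carol"]},
]
```

With the old pattern only `dev` matches for alice; the new pattern also returns `staff`, and `account_attributes_needed` shows that `gidNumber` now has to be fetched from the account entry.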