Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[LDAP connector] Document that 'DN' must be in capitals #1190

Closed
whereisaaron opened this issue Feb 14, 2018 · 5 comments
Closed

[LDAP connector] Document that 'DN' must be in capitals #1190

whereisaaron opened this issue Feb 14, 2018 · 5 comments
Labels
area/connector kind/documentation

Comments

@whereisaaron
Copy link

I was perplexed why my LDAP group searches were not working. But I noted on the otherwise excellent LDAP connector documentation page, that 'DN' was used in capitals, even though nothing else was.

I didn't think 'dn' was supposed to be case sensitive? Either way, I think this is worth specifically calling out in the documentation.

Fails with 'Login Error' screen:

      userSearch:
        baseDN: "ou=Users,dc=example,dc=com"
        filter: "(objectClass=inetorgperson)"
        username: cn
        idAttr: dn
        emailAttr: mail
        nameAttr: displayName
      groupSearch:
        baseDN: "ou=Groups,dc=example,dc=com"
        filter: "(objectClass=groupOfUniqueNames)"
        userAttr: dn
        groupAttr: uniqueMember
        nameAttr: cn

Works great, including groups:

      userSearch:
        baseDN: "ou=Users,dc=example,dc=com"
        filter: "(objectClass=inetorgperson)"
        username: cn
        idAttr: DN
        emailAttr: mail
        nameAttr: displayName
      groupSearch:
        baseDN: "ou=Groups,dc=example,dc=com"
        filter: "(objectClass=groupOfUniqueNames)"
        userAttr: DN
        groupAttr: uniqueMember
        nameAttr: cn
@whereisaaron whereisaaron changed the title [LDAP connector] Document that 'DN" must be in capitals [LDAP connector] Document that 'DN' must be in capitals Feb 14, 2018
@whereisaaron
Copy link
Author

whereisaaron commented Feb 15, 2018
edited

I found a mention of the magic capitalization behavior here:
https://github.com/coreos/dex/blob/master/examples/config-ldap.yaml#L29

Just need the same in the connector documentation page.

@OwenTuz OwenTuz mentioned this issue Nov 26, 2018
Merged
@srenatus
Copy link
Contributor

@whereisaaron I guess @OwenTuz's fine little change does the trick here, what do you think? (Optimistically, I'm closing this issue. Feel free to re-open.)

@whereisaaron
Copy link
Author

It all helps @srenatus! I don't think 'DN' ought to be case specific when LDAP normally isn't, but so long as you know this connector behavior you can work with it.

@ieugen ieugen mentioned this issue Nov 26, 2020
Closed
@benjaminapetersen
Copy link

Does this mean ANY reference of DN? I am assuming yes. A couple examples from the above docs page just for clarification:

# Dex config example from dex docs
userSearch:
  idAttr: DN # this is caps, if it is DN 

# as well as this:
groupSearch:
  userMatchers:
  - userAttr: DN   # this is caps, again because DN, assuming DN (only) must always be caps
    groupAttr: member
  - userAttr: uid  # not caps, cuz not DN
    groupAttr: memberUid

Curious, does anyone know why DN gets this unique treatment?

@benjaminapetersen
Copy link

Updated link to the configuration page as the above references are broken links now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/connector kind/documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@benjaminapetersen @srenatus @whereisaaron