Added LDAP Group Sync for Single LDAP Schema #3996
a2054ab to 72618af
groupGetter: extractor, | ||
} | ||
} | ||
extractor.groupNameMapper = nameMapper |
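Review bot: the assignment `extractor.groupNameMapper = nameMapper` after the extractor has already been built means the DataExtractor exists, and is reachable, in a half-wired state, and the caller has to know about an internal field to finish construction. Consider having the extractor's constructor accept a factory (for example a `func(groupGetter) GroupNameMapper`) and call it with itself before returning, so the cycle is resolved inside the constructor and the field never needs to be set from outside.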
When we wanted to break out a GroupNameMapper as a discrete object and allow us to substitute whatever for it, we run into this cyclical dependency where you can't create the DataExtractor without populating the GroupNameMapper, but the GroupNameMapper needs to have a pointer to a groupGetter, which is the DataExtractor itself.
0276eee to 6ba0050
c.ServerName = a.options.URL.Host | ||
} | ||
tlsConfig = &c | ||
serverConfig := &ldaputil.LDAPServerConfig{ |
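Review bot: `c.ServerName = a.options.URL.Host` may hand the TLS config a `host:port` string, since `url.URL.Host` includes the port when one was given; a ServerName with a port attached will not match the certificate's subject and hostname verification fails. Split the host out first (for example with `net.SplitHostPort`, falling back to the raw value when no port is present) before assigning it to ServerName. Setting ServerName explicitly is the right thing to do, as it is what makes the server certificate check meaningful.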
Why don't the Options contain an LDAPServerConfig directly?
6ba0050 to e80bdd7
// LDAPSyncTypeFirstClassUserss defines an LDAP schema where users are stored as first-class LDAP | ||
// entries with an attribute containing a list of groups they are a member of, with groups listed | ||
// by a unique name, with no additional group metadata in the LDAP server. | ||
LDAPSchemaTypeFirstClassUserss LDAPSchemaType = "FirstClassUserss" |
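Review bot: the doc comment names `LDAPSyncTypeFirstClassUserss` while the constant declared beneath it is `LDAPSchemaTypeFirstClassUserss`, so the comment will not be attached to the right identifier by tooling and reads as a different type. Fix the name in the comment along with the doubled "s"; note that the string value `"FirstClassUserss"` is the serialized form that lands in user config, so correcting the typo later would be a compatibility change rather than a cosmetic one.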
double s typo
0390f11 to 62a194e
WhitelistContents []string // added to loaded config from cli input | ||
|
||
// Type determines which LDAP server schema exists for the sync | ||
Type LDAPSchemaType |
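Review bot: with `Type LDAPSchemaType` acting as the discriminator for which parts of the single config object are meaningful, the config validation should reject an unknown or empty Type and require the section that Type selects to be populated, otherwise a misspelled schema name silently leaves the relevant sub-config nil until it is dereferenced at sync time. The comment on `WhitelistContents` also reads as an implementation note ("added to loaded config from cli input") rather than documentation of what the field holds.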
I don't think I like this. I'd rather split into different types based on the LDAPSchemaType rather than have one object that contains it all.
This is something I borrowed from our buildapi - it was a very common thing there. Pros/cons? Clearly having <nil> parts of the config object isn't the best, but otherwise we will have three objects that are exactly the same save this one part.
allAttributes := util.NewStringSet(o.NameAttributes...) | ||
allAttributes.Insert(additionalAttributes...) | ||
|
||
if o.QueryAttribute == "DN" || o.QueryAttribute == "dn" { |
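Review bot: `o.QueryAttribute == "DN" || o.QueryAttribute == "dn"` misses mixed-case spellings such as `Dn`, and LDAP attribute descriptions are case-insensitive (RFC 4512), so a user writing the attribute in a different case would fall through to a search for an attribute literally named "Dn". Use `strings.EqualFold(o.QueryAttribute, "dn")` here, and check that `allAttributes` built from `o.NameAttributes` a few lines above is not compared case-sensitively against entry attributes either.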
why not case insensitive?
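The two review points above, the cyclical GroupNameMapper/DataExtractor dependency and the case-sensitive "DN" comparison, as one added Go example. This is not code from this PR or from openshift/origin: the type names GroupGetter, GroupNameMapper, DataExtractor and EntryNameMapper are modelled on the thread, but their bodies, the factory-function constructor that resolves the cycle, the case-insensitive attribute lookup and the sample directory are all assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// LDAPEntry is a minimal stand-in for an LDAP search result, constructed for
// this example; real code would get this from an LDAP client.
type LDAPEntry struct {
	DN         string
	Attributes map[string][]string
}

// AttributeValue looks an attribute up by name. LDAP attribute descriptions
// are case-insensitive (RFC 4512), so "cn", "CN" and "Cn" all match, and the
// pseudo-attribute "dn" in any case returns the entry's DN.
func (e LDAPEntry) AttributeValue(name string) (string, bool) {
	if strings.EqualFold(name, "dn") {
		return e.DN, true
	}
	for attr, vals := range e.Attributes {
		if strings.EqualFold(attr, name) && len(vals) > 0 {
			return vals[0], true
		}
	}
	return "", false
}

// GroupGetter hands back the entry for a group identified by its unique UID.
type GroupGetter interface {
	GroupEntryFor(ldapGroupUID string) (LDAPEntry, error)
}

// GroupNameMapper turns a group UID into the name used on the OpenShift side.
type GroupNameMapper interface {
	GroupNameFor(ldapGroupUID string) (string, error)
}

// EntryNameMapper reads the group name from the group's own entry, so it holds
// a GroupGetter; this is the pointer that creates the cycle discussed above.
type EntryNameMapper struct {
	nameAttributes []string
	getter         GroupGetter
}

func (m *EntryNameMapper) GroupNameFor(uid string) (string, error) {
	entry, err := m.getter.GroupEntryFor(uid)
	if err != nil {
		return "", err
	}
	for _, attr := range m.nameAttributes {
		if v, ok := entry.AttributeValue(attr); ok {
			return v, nil
		}
	}
	return "", fmt.Errorf("group %q has none of the name attributes %v", uid, m.nameAttributes)
}

// DataExtractor is the GroupGetter and also the consumer of the GroupNameMapper.
type DataExtractor struct {
	groups map[string]LDAPEntry // constructed stand-in for the directory
	mapper GroupNameMapper
}

func (e *DataExtractor) GroupEntryFor(uid string) (LDAPEntry, error) {
	entry, ok := e.groups[uid]
	if !ok {
		return LDAPEntry{}, fmt.Errorf("no group with UID %q", uid)
	}
	return entry, nil
}

// NewDataExtractor breaks the cycle: rather than building the extractor and then
// poking the mapper into a field afterwards, it takes a factory that builds the
// mapper from the getter, so the extractor is never observable half-wired.
func NewDataExtractor(groups map[string]LDAPEntry, newMapper func(GroupGetter) GroupNameMapper) (*DataExtractor, error) {
	if newMapper == nil {
		return nil, errors.New("a GroupNameMapper factory is required")
	}
	e := &DataExtractor{groups: groups}
	e.mapper = newMapper(e)
	return e, nil
}

// GroupNames resolves every UID to its OpenShift-side name. An empty UID list
// is not an error; it simply yields an empty result.
func (e *DataExtractor) GroupNames(uids []string) (map[string]string, error) {
	out := make(map[string]string, len(uids))
	for _, uid := range uids {
		name, err := e.mapper.GroupNameFor(uid)
		if err != nil {
			return nil, err
		}
		out[uid] = name
	}
	return out, nil
}

// sampleDirectory is constructed data standing in for a real LDAP server; note
// the deliberately mixed-case attribute names.
func sampleDirectory() map[string]LDAPEntry {
	return map[string]LDAPEntry{
		"cn=admins,ou=groups,dc=example,dc=com": {
			DN:         "cn=admins,ou=groups,dc=example,dc=com",
			Attributes: map[string][]string{"CN": {"admins"}},
		},
		"cn=devs,ou=groups,dc=example,dc=com": {
			DN:         "cn=devs,ou=groups,dc=example,dc=com",
			Attributes: map[string][]string{"cn": {"devs"}},
		},
	}
}

func main() {
	ex, err := NewDataExtractor(sampleDirectory(), func(g GroupGetter) GroupNameMapper {
		return &EntryNameMapper{nameAttributes: []string{"cn"}, getter: g}
	})
	if err != nil {
		panic(err)
	}
	names, err := ex.GroupNames([]string{
		"cn=admins,ou=groups,dc=example,dc=com",
		"cn=devs,ou=groups,dc=example,dc=com",
	})
	fmt.Println(names, err)
}
```

The factory argument is what removes the need for an exported or post-construction `groupNameMapper` assignment: the only place that sees the extractor before its mapper is set is the constructor itself. Swapping in a different mapper (a whitelist, a static map) is then a matter of passing a different factory.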
c8603a1 to e9e6bf3
@deads2k Addressed comments. Added unit tests. Extended test is failing to connect to the LDAP server, and I cannot get the build for the server to succeed when running locally, but when I run the build as part of the extended test locally, I have no issues.
e9e6bf3 to 88e074e
[test][extended]
Flake on Travis in
cc: @liggitt
Evaluated for origin test up to 88e074e
@stevekuznetsov squash this to something more reasonable. I'd guess
Fix the problem with "I will not merge this. That contract is insane. Lists don't fail on empty result sets." and I think I'll merge it warts and all unless @liggitt yells.
88e074e to 47cbb68
Changes Unknown when pulling 47cbb68 on stevekuznetsov:skuznets/ldap-group-sync into openshift:master.
@deads2k @liggitt
Implementation in place, testing in place but blocked from running by openshift/openldap#6. Implementation for the following schema only: