Added LDAP Group Sync for Single LDAP Schema #3996
Conversation
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
5 times, most recently
from
a2054ab
to
72618af
Compare
| groupGetter: extractor, | ||
| } | ||
| } | ||
| extractor.groupNameMapper = nameMapper |
There was a problem hiding this comment.
When we wanted to break out a GroupNameMapper as a discrete object and allow us to substitute whatever for it, we run into this cyclical dependency where you can't create the DataExtractor without populating the GroupNameMapper but the GroupNameMapper needs to have a pointer to a groupGetter, which is the DataExtractor itself.
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
8 times, most recently
from
0276eee
to
6ba0050
Compare
| c.ServerName = a.options.URL.Host | ||
| } | ||
| tlsConfig = &c | ||
| serverConfig := &ldaputil.LDAPServerConfig{ |
There was a problem hiding this comment.
Why don't the Options contain an LDAPServerConfig directly?
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
from
6ba0050
to
e80bdd7
Compare
| // LDAPSyncTypeFirstClassUserss defines an LDAP schema where users are stored as first-class LDAP | ||
| // entries with an attribute containing a list of groups they are a member of, with groups listed | ||
| // by a unique name, with no additional group metadata in the LDAP server. | ||
| LDAPSchemaTypeFirstClassUserss LDAPSchemaType = "FirstClassUserss" |
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
2 times, most recently
from
0390f11
to
62a194e
Compare
| WhitelistContents []string // added to loaded config from cli input | ||
|
|
||
| // Type determines which LDAP server schema exists for the sync | ||
| Type LDAPSchemaType |
There was a problem hiding this comment.
I don't think I like this. I'd rather split into different types based on the LDAPSchemaType rather than have one object that contains it all.
There was a problem hiding this comment.
This is something I borrowed from our buildapi - it was a very common thing there. Pros/cons? Clearly having <nil> parts of the config object isn't the best, but otherwise we will have three objects that are exactly the same save this one part.
| allAttributes := util.NewStringSet(o.NameAttributes...) | ||
| allAttributes.Insert(additionalAttributes...) | ||
|
|
||
| if o.QueryAttribute == "DN" || o.QueryAttribute == "dn" { |
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
4 times, most recently
from
c8603a1
to
e9e6bf3
Compare
|
@deads2k Addressed comments. Added unit tests. Extended test is failing to connect to the LDAP server, and I cannot get the build for the server to succeed when running locally, but when I run the build as part of the extended test locally, I have no issues. |
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
from
e9e6bf3
to
88e074e
Compare
stevekuznetsov
changed the title
|
[test][extended] |
|
Flake on Travis in cc: @liggitt |
|
Evaluated for origin test up to 88e074e |
|
@stevekuznetsov squash this to something more reasonable. I'd guess
Fix the problem with "I will not merge this. That contract is insane. Lists don't fail on empty result sets." and I think I'll merge it warts and all unless @liggitt yells. |
stevekuznetsov
force-pushed
the
skuznets/ldap-group-sync
branch
from
88e074e
to
47cbb68
Compare
|
Changes Unknown when pulling 47cbb68 on stevekuznetsov:skuznets/ldap-group-sync into ** on openshift:master**. |
@deads2k @liggitt
Implementation in place, testing in place
but blocked from running by openshift/openldap#6.Implementation for following schema only: