Sonar Plugins

Group mapping with uid in memberAttribute

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: LDAP-1.1.1
  • Fix Version/s: LDAP-1.2
  • Component/s: LDAP
  • Labels:
    None
  • Testcase included:
    yes
  • Patch Submitted:
    Yes
  • Number of attachments :
    1

Description

Our LDAP is used also for system accounts, so groups have objectClass posixGroup and users posixAccount. Users are added to groups via memberUid attribute, which contains only uid, not the whole dn string.

Such state in LDAP is incompatible with the Sonar LDAP plugin, because it can use only the whole dn string (uniqueMember) as user's id.

Target of this issue - more general access for obtaining user's groups so I can use the user's login or another filter.

Issue Links

is related to

Improvement - An improvement or enhancement to an existing feature or task. SONARPLUGINS-1962 Allow to customize query for users

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
David Matejcek added a comment -

Some more info ...
http://sonar.15.n6.nabble.com/How-to-get-groups-with-LDAP-plugin-1-1-1-tt4912711.html
https://github.com/dmatej/sonar-ldap-plugin

Show
David Matejcek added a comment - Some more info ... http://sonar.15.n6.nabble.com/How-to-get-groups-with-LDAP-plugin-1-1-1-tt4912711.html https://github.com/dmatej/sonar-ldap-plugin
Hide
Permalink
Fulop Levente added a comment -

We are in the same situation. With the original 1.1.1 LDAP plugin, the groups can not be fetched from LDAP.
After building the patched LDAP plugin from David, the groups are fetched from LDAP.

Show
Fulop Levente added a comment - We are in the same situation. With the original 1.1.1 LDAP plugin, the groups can not be fetched from LDAP. After building the patched LDAP plugin from David, the groups are fetched from LDAP.
Hide
Permalink
Evgeny Mandrikov added a comment - - edited

David, thanks for your patch - it gave me an idea of how to make really flexible implementation.

In r5649 properties 'ldap.group.objectClass' and 'ldap.group.memberAttribute' were replaced by new property 'ldap.group.request', but backward compatibility was kept (warning will be logged in server log with explanation of required changes for configuration). Some examples of values for this new property :

Default: (&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))
For Active Directory: (&(objectClass=group)(member={dn}))
For Posix Groups: (&(objectClass=posixGroup)(memberUid={uid}))
And even mixed: (|(&(objectClass=posixGroup)(memberUid={uid}))(&(objectClass=group)(member={dn})))
Show
Evgeny Mandrikov added a comment - - edited David, thanks for your patch - it gave me an idea of how to make really flexible implementation. In r5649 properties 'ldap.group.objectClass' and 'ldap.group.memberAttribute' were replaced by new property 'ldap.group.request', but backward compatibility was kept (warning will be logged in server log with explanation of required changes for configuration). Some examples of values for this new property : Default: (&(objectClass=groupOfUniqueNames)(uniqueMember={dn})) For Active Directory: (&(objectClass=group)(member={dn})) For Posix Groups: (&(objectClass=posixGroup)(memberUid={uid})) And even mixed: (|(&(objectClass=posixGroup)(memberUid={uid}))(&(objectClass=group)(member={dn})))
Hide
Permalink
Eric Hartmann added a comment -

Tested on our internal LDAP, everything works perfectly.

Show
Eric Hartmann added a comment - Tested on our internal LDAP, everything works perfectly.
Hide
Permalink
Evgeny Mandrikov added a comment -

Integration tests already cover this feature and support of backward compatibility.

Show
Evgeny Mandrikov added a comment - Integration tests already cover this feature and support of backward compatibility.

People

  • Assignee:
    Evgeny Mandrikov
    Reporter:
    David Matejcek
Vote (1)
Watch (4)

Dates

  • Created:
    Updated:
    Resolved: