SonarQube Plugins / SONARPLUGINS-1759

Group mapping with uid in memberAttribute

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: LDAP-1.1.1
    • Fix Version/s: LDAP-1.2
    • Component/s: LDAP
    • Labels: None
    • Testcase included: yes
    • Patch Submitted: Yes
    • Number of attachments: 1

      Description

      Our LDAP is also used for system accounts, so groups have objectClass posixGroup and users posixAccount. Users are added to groups via the memberUid attribute, which contains only the uid, not the whole dn string.

      Such a state in LDAP is incompatible with the Sonar LDAP plugin, because it can use only the whole dn string (uniqueMember) as the user's id.

      Target of this issue - more general access for obtaining a user's groups, so I can use the user's login or another filter.

          Activity

          David Matejcek added a comment -

          Some more info ...
          http://sonar.15.n6.nabble.com/How-to-get-groups-with-LDAP-plugin-1-1-1-tt4912711.html
          https://github.com/dmatej/sonar-ldap-plugin

          Fulop Levente added a comment -

          We are in the same situation. With the original 1.1.1 LDAP plugin, the groups cannot be fetched from LDAP.
          After building the patched LDAP plugin from David, the groups are fetched from LDAP.

          Evgeny Mandrikov added a comment - edited

          David, thanks for your patch - it gave me an idea of how to make a really flexible implementation.

          In r5649, the properties 'ldap.group.objectClass' and 'ldap.group.memberAttribute' were replaced by the new property 'ldap.group.request', but backward compatibility was kept (a warning will be logged in the server log with an explanation of the required configuration changes). Some examples of values for this new property:

          Default: (&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))
          For Active Directory: (&(objectClass=group)(member={dn}))
          For Posix Groups: (&(objectClass=posixGroup)(memberUid={uid}))
          And even mixed: (|(&(objectClass=posixGroup)(memberUid={uid}))(&(objectClass=group)(member={dn})))
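
Added example, not part of the original issue and not the plugin's code: a sketch of how a filter template like the ones above resolves group membership, with RFC 4515 escaping applied to the substituted `{dn}` and `{uid}` values. The directory entries, the `jdoe` account and all function names are constructed for illustration; matching is simplified to exact string equality.

```python
import re

def escape_value(value):
    """RFC 4515 escaping so a login or DN cannot change the filter structure."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def expand(template, dn, uid):
    """Fill {dn} and {uid} in one pass; substituted text is never re-scanned."""
    values = {'dn': dn, 'uid': uid}
    return re.sub(r'\{(dn|uid)\}', lambda m: escape_value(values[m.group(1)]), template)

def unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def matches(flt, entry, pos=0):
    """Evaluate an and/or/equality filter on one entry -> (result, next_pos)."""
    if flt[pos] != '(':
        raise ValueError('malformed filter at offset %d' % pos)
    op = flt[pos + 1]
    if op in '&|':
        pos += 2
        results = []
        while flt[pos] == '(':
            result, pos = matches(flt, entry, pos)
            results.append(result)
        return (all(results) if op == '&' else any(results)), pos + 1
    end = flt.index(')', pos)  # escaped values never contain a raw ')'
    attr, value = flt[pos + 1:end].split('=', 1)
    return unescape(value) in entry.get(attr, []), end + 1

def groups_for(template, dn, uid, directory):
    flt = expand(template, dn, uid)
    return [e['cn'][0] for e in directory if matches(flt, e)[0]]

# Filter templates quoted from the comment above.
DEFAULT = '(&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))'
POSIX = '(&(objectClass=posixGroup)(memberUid={uid}))'
MIXED = ('(|(&(objectClass=posixGroup)(memberUid={uid}))'
         '(&(objectClass=group)(member={dn})))')

# Constructed sample data (not from the issue).
DN = 'uid=jdoe,ou=people,dc=example,dc=org'
DIRECTORY = [
    {'cn': ['developers'], 'objectClass': ['posixGroup'], 'memberUid': ['jdoe']},
    {'cn': ['admins'], 'objectClass': ['groupOfUniqueNames'], 'uniqueMember': [DN]},
    {'cn': ['sonar-users'], 'objectClass': ['group'], 'member': [DN]},
    {'cn': ['ops'], 'objectClass': ['posixGroup'], 'memberUid': ['other']},
]
```

With the default template only the `uniqueMember` group is found for this user, which is the situation the reporter describes; the posixGroup and mixed templates pick up the `memberUid` groups as well.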
          
          Eric Hartmann added a comment -

          Tested on our internal LDAP, everything works perfectly.

          Evgeny Mandrikov added a comment -

          Integration tests already cover this feature and support of backward compatibility.


            People

            • Assignee: Evgeny Mandrikov
            • Reporter: David Matejcek
            • Votes: 1
            • Watchers: 4