Issue 1466: Access Rules via LDAP-Group membership don't work
Affected Version: 2.4.1

What steps will reproduce the problem?
1. Create two groups that your account is part of. Configure one group to be an LDAP-group, the other one just a regular one.
2. Create a new project. Grant "Create References" on "refs/heads/*" to the LDAP-group.
3. Push an existing project to the repo.

What is the expected output? What do you see instead?
One would expect that the push works and results in "[new branch]", but instead, I get an error message: "can not create new references"
4. However, if I grant the very same Privilege to the non-LDAP-group, it works.

Please provide any additional information below.
Searching for the LDAP-group works fine and authenticating via LDAP as well. The group itself is properly configured on LDAP. The distinguished name of my account is a member of it. The same configuration is used for other services and works for them.

The group's DN is: cn=Developers,ou=gerrit,ou=groups,dc=bauinformatik,dc=tu-berlin,dc=de

The LDAP-configuration in the gerrit.config is:

[auth]
  type = LDAP
[ldap]
  server = ldaps://localhost:636
  username = cn=gerrit-manager,ou=manager,dc=bauinformatik,dc=tu-berlin,dc=de
  accountBase = ou=people,dc=bauinformatik,dc=tu-berlin,dc=de
  groupBase = ou=gerrit, ou=groups,dc=bauinformatik,dc=tu-berlin,dc=de
  accountFullName = cn

Possibly related: http://groups.google.com/group/repo-discuss/browse_thread/thread/4b44656fb9b0c72c/2afde0019b4b1308?lnk=gst&q=LDAP#2afde0019b4b1308
Jul 10, 2012
#1
patricks...@googlemail.com
Jul 10, 2012
accountFullName probably should be ${cn} to actually set it to the value of cn, rather than the literal text "cn".
Jul 10, 2012
I changed accountFullName to ${cn} but nothing changed.
And displaying the account's proper Full Name worked before as well.
Jan 27, 2015
Hello guys, we have faced a similar problem with Gerrit 2.9.4. But in our case we have both "working" and "non-working" groups in LDAP (Active Directory). So, setting one - gives permissions, setting another - we have no permissions. Could you please advise what could be the issue and how we could debug it? Also, please advise when Gerrit reads the members of the group. How often does it synchronize members from AD groups?