Issue 3382: Native support for multiple LDAP servers
Status:  New
Owner:  ----


Reported by baron.vo...@gmail.com, May 20, 2015
Even though there is a reverse proxy solution [1] to stand up Apache/NGINX to authenticate to multiple LDAP servers and have Gerrit use the authentication from Apache/NGINX, it is not without its own issues. The most common seems to be the inability to log out [2].

It would be really nice if Gerrit could try multiple LDAP connections. The gerrit.config could just have multiple [ldap "name"] entries with a searchOrder value that indicates which order to authenticate with, and the first match wins.

[auth]
    type = LDAP
[ldap "domain-A"]
    searchOrder = 1
    server = ldap://ldap.example.com:3268
    username = binduser
    accountBase = OU=UnitA,DC=example,DC=com
    groupBase = OU=UnitA,DC=example,DC=com
    accountPattern = (sAMAccountName=${username})
    accountFullName = displayName
    accountEmailAddress = mail
[ldap "domain-B"]
    searchOrder = 2
    server = ldap://ldap-2.example2.com:3268
    username = binduser
    accountBase = OU=UnitB,DC=example2,DC=com
    groupBase = OU=UnitB,DC=example2,DC=com
    accountPattern = (sAMAccountName=${username})
    accountFullName = displayName
    accountEmailAddress = mail


[1] https://groups.google.com/d/topic/repo-discuss/YZvpqo2BqOY/discussion
[2] https://groups.google.com/d/topic/repo-discuss/7ojGVGE8iSU/discussion
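
A sketch of the lookup order proposed in this issue, added here as an example; it is not Gerrit code and not the reporter's. It parses [ldap "name"] sections, sorts them by the proposed searchOrder key, and resolves a username with first-match-wins, also reporting which later directories hold the same name and are therefore shadowed. The sample config, the in-memory directories and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout proposed in the issue (searchOrder is the
# reporter's proposed key, not an existing Gerrit option).
SAMPLE_CONFIG = """
[auth]
    type = LDAP
[ldap "domain-B"]
    searchOrder = 2
    server = ldap://ldap-2.example2.com:3268
[ldap "domain-A"]
    searchOrder = 1
    server = ldap://ldap.example.com:3268
"""

# Constructed stand-in directories: section name -> account names present.
SAMPLE_DIRECTORIES = {"domain-A": {"alice", "carol"}, "domain-B": {"bob", "carol"}}

def parse_ldap_sections(text):
    """Return [(name, settings)] for each [ldap "name"] section, sorted by searchOrder."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r'\[(\w+)(?:\s+"([^"]*)")?\]', line)
        if header:
            kind, name = header.groups()
            # Only named ldap sections are collected; other sections are skipped.
            current = sections.setdefault(name, {}) if kind == "ldap" and name else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    orders = [s.get("searchOrder") for s in sections.values()]
    if None in orders or len(set(orders)) != len(orders):
        raise ValueError("every [ldap] section needs a unique searchOrder")
    return sorted(sections.items(), key=lambda kv: int(kv[1]["searchOrder"]))

def resolve(username, ordered, directories):
    """First match wins: return (winning section, later sections it shadows)."""
    hits = [name for name, _ in ordered if username in directories.get(name, ())]
    return (hits[0], hits[1:]) if hits else (None, [])

if __name__ == "__main__":
    ordered = parse_ldap_sections(SAMPLE_CONFIG)
    for user in ("alice", "bob", "carol", "dave"):
        print(user, resolve(user, ordered, SAMPLE_DIRECTORIES))
```

With the sample data, "carol" exists in both directories and resolves to domain-A only because it has the lower searchOrder, so the ordering decides which identity a shared account name maps to.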