My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 2054: LDAP groups don't honor default group for a user
1 person starred this issue and may be notified of changes. Back to list
Status:  Released
Owner:  ----
Closed:  Aug 2013


Sign in to add a comment
 
Reported by geekmug, Aug 11, 2013
Affected Version: 2.6.1

What steps will reproduce the problem?
1. Configure Gerrit for LDAP authentication.
2. Add ACL to a project for the LDAP group of the default group for a user (i.e., the user's gidNumber).
3. Try to use that user to access that project with the permission granted by that ACL.

What is the expected output? What do you see instead?

This fails to work because users who have their gidNumber set to a group are not listed as memberUid nor memberOf to the group specified by the gidNumber. To test for group membership on LDAP, it is typically required to both check for the memberUid, memberOf, and/or the other enumerating attributes, but also to check if the user's gidNumber matches the group's gidNumber. This check is not performed by Gerrit currently.

Aug 11, 2013
#1 geekmug
I submitted a changeset to fix this[1].

[1] https://gerrit-review.googlesource.com/#/c/48690/
Aug 12, 2013
#2 sop@google.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.8
Aug 12, 2013
Project Member #3 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: -FixedIn-2.8 FixedIn-2.6.2
Dec 9, 2013
Project Member #4 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: -FixedIn-2.6.2 FixedIn-2.8
Dec 9, 2013
Project Member #5 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: -FixedIn-2.8 FixedIn-2.7
Dec 9, 2013
Project Member #6 david.pu...@sonymobile.com
(No comment was entered for this change.)
Status: Released
Sign in to add a comment

Powered by Google Project Hosting