Issue 2425: Add Ldap_bind username formatting configuration option
Status:  New
Owner:  ----


Reported by hiramvan...@gmail.com, Jan 24, 2014
We must use LDAP_BIND to connect to our AD because it gives better security. 
This forces us to use <username>@domain.com usernames for the frontend.
We use

accountPattern = (&(objectClass=person)(userPrincipalName=${username}))

to make it work. 
See also this discussion: https://groups.google.com/forum/#!topic/repo-discuss/zRzCCfrNFVk

All our other tools connecting to the same AD use only the username part to log in.

We would like a configuration option which allows some flexibility in the usernames.

Proposed solution:

Add a configuration option like this: https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Configuration_Options#Straight_DN_bind_options

for example:
[ldap]
    accountBindString = "${username}@domain.com"

The expanded value of that is then used as a bind DN instead of username directly.

This allows "simple" usernames while still using LDAP_BIND.
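
The expansion proposed above, sketched in Python as an added example (not part of the original issue and not Gerrit code). It refuses an empty password before binding, because a simple bind with a name and an empty password is an unauthenticated bind under RFC 4513 rather than a credential check. The function names, the short-name allow-list, and the reuse of the reporter's accountPattern with the expanded value are assumptions.

```python
import re

# Values copied from the issue; accountBindString is the *proposed* option.
ACCOUNT_BIND_STRING = "${username}@domain.com"
ACCOUNT_PATTERN = "(&(objectClass=person)(userPrincipalName=${username}))"
PLACEHOLDER = "${username}"

# Assumed site policy for short login names: no "@", no DN or filter metacharacters.
SHORT_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a search filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand_bind_identity(template, username):
    """Turn a short login name into the identity used for the simple bind."""
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("bind template must contain ${username} exactly once")
    if not SHORT_NAME.fullmatch(username):
        raise ValueError("username is not a plain short login name")
    return template.replace(PLACEHOLDER, username)


def plan_login(username, password):
    """Return (bind_identity, search_filter) for one login attempt."""
    if not password:
        # An empty password would make the simple bind unauthenticated (RFC 4513).
        raise ValueError("empty password refused")
    identity = expand_bind_identity(ACCOUNT_BIND_STRING, username)
    search_filter = ACCOUNT_PATTERN.replace(PLACEHOLDER, escape_filter_value(identity))
    return identity, search_filter


if __name__ == "__main__":
    # Constructed sample input, not a real account.
    print(plan_login("alice", "constructed-sample-password"))
```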

Nov 25, 2014
#1 ps...@humboldt.edu
Yes. This should be an obvious feature. As it stands, Gerrit will not work with LDAP servers that do not allow anonymous binds unless it has a specific binddn.
