| Issue 271: | recursive LDAP group query | |
| Back to list |
Reported by Eric Tsai <erictsai@erictsai.tw> on Mon Aug 31 07:12:08 PDT 2009
Source: JIRA GERRIT-272
Affected Version: 2.0.19.2
Here is my configuratin:
accountBase = DC=ABC,DC=COM
accountPattern = (&(objectClass=user)(sAMAccountName=${username}))
groupBase = DC=ABC,DC=COM
groupMemberPattern = (&(objectClass=group)(member=${distinguishedName}))
In Windows Active Directory, a group often contains other groups.
In this case, Gerrit should recursively search groupMemberPattern in (&
(objectClass=group)
(distinguishedName=Value_Of_Member_Attribute_From_Parent_Group)).
Sep 24, 2009
(No comment was entered for this change.)
Owner:
---
Sep 28, 2009
Issue 283 tries to add more native ActiveDirectory support, which is the exact system that runs into this problem.
Status:
Accepted
Owner: m.bnovc Blockedon: 283
Sep 28, 2009
Eric, were you able to get non-recursive Active Directory groups to work with Gerrit? Issue 283 is because I was unable to get them to work at all but maybe newer versions of AD support Gerrit's built-in queries.
Oct 6, 2009
Fixed by I3196a8e9f5c08dedccd05d2de10c55042933e427
Status:
Fixed
Labels: FixedIn-2.0.24
Oct 21, 2012
(No comment was entered for this change.)
Status:
Released
Blockedon: -gerrit:283 |
|
| ► Sign in to add a comment |
Is it possible to do something like what [1] suggests? groupMemberPattern = (&(objectClass=group)(member:1.2.840.113556.1.4.1941:=${distinguishedName})) According to the linked article, this requires Windows Server 2003 Service Pack 2 or Windows Server 2007. Since its 2009 I would like to think that most directory servers have 2003 SP2 installed, or have upgraded to 2007 already. [1] http://www.msresource.net/knowledge_base/articles/info:_what_are_active_directory_recursive_queries.html