My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 271: recursive LDAP group query
  Back to list
Status:  Released
Owner:  m.bn...@gmail.com
Closed:  Oct 2012


Sign in to add a comment
 
Reported by code-rev...@gtempaccount.com, Sep 24, 2009
Reported by Eric Tsai <erictsai@erictsai.tw> on Mon Aug 31 07:12:08 PDT 2009
Source: JIRA GERRIT-272
Affected Version: 2.0.19.2

Here is my configuratin:
       accountBase = DC=ABC,DC=COM
       accountPattern = (&(objectClass=user)(sAMAccountName=${username}))
       groupBase = DC=ABC,DC=COM
       groupMemberPattern = (&(objectClass=group)(member=${distinguishedName}))

In Windows Active Directory, a group often contains other groups.
In this case, Gerrit should recursively search groupMemberPattern in (&
(objectClass=group)
(distinguishedName=Value_Of_Member_Attribute_From_Parent_Group)).
Sep 24, 2009
#1 sop+code@google.com
Is it possible to do something like what [1] suggests?

  groupMemberPattern = (&(objectClass=group)(member:1.2.840.113556.1.4.1941:=${distinguishedName}))

According to the linked article, this requires Windows Server 2003
Service Pack 2 or Windows Server 2007.  Since its 2009 I would like to
think that most directory servers have 2003 SP2 installed, or have
upgraded to 2007 already.

[1] http://www.msresource.net/knowledge_base/articles/info:_what_are_active_directory_recursive_queries.html
Owner: s...@google.com
Sep 24, 2009
#2 sop+code@google.com
(No comment was entered for this change.)
Owner: ---
Sep 28, 2009
#3 sop+code@google.com
 Issue 283  tries to add more native ActiveDirectory support, which is the exact system 
that runs into this problem.
Status: Accepted
Owner: m.bnovc
Blockedon: 283
Sep 28, 2009
Project Member #4 m.bn...@gmail.com
Eric, were you able to get non-recursive Active Directory groups to work with Gerrit?

 Issue 283  is because I was unable to get them to work at all but maybe newer versions
of AD support Gerrit's built-in queries.
Oct 6, 2009
#5 sop+code@google.com
Fixed by I3196a8e9f5c08dedccd05d2de10c55042933e427
Status: Fixed
Labels: FixedIn-2.0.24
Oct 21, 2012
#6 sop@google.com
(No comment was entered for this change.)
Status: Released
Blockedon: -gerrit:283
Sign in to add a comment

Powered by Google Project Hosting