• Type: Improvement
• Resolution: Fixed
• Priority: Major
• Fix Version/s: 2.5.4, 2.7, 3.9
• Affects Version/s: 2.3
• Component/s: None
• Labels:

  None

[RUNTIME-687] The GroupDrivenLdapGroupsManager doesn't handle memberUid attributes

Collapse comment: Laurence Perier added a comment - 31/Mar/14 10:50

Laurence Perier added a comment - 31/Mar/14 10:50

Users are not listed in the group.
The problem must be at the request.

Expand comment: Laurence Perier added a comment - 31/Mar/14 10:50

Laurence Perier added a comment - 31/Mar/14 10:50 Users are not listed in the group. The problem must be at the request.

Collapse comment: Nicolas Gavalda (Inactive) added a comment - 16/Jan/13 18:18

Nicolas Gavalda (Inactive) added a comment - 16/Jan/13 18:18

memberUid attributes are now supported.

Expand comment: Nicolas Gavalda (Inactive) added a comment - 16/Jan/13 18:18

Nicolas Gavalda (Inactive) added a comment - 16/Jan/13 18:18 memberUid attributes are now supported.

Collapse comment: Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 14:25

Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 14:25

Handling membership attributes containing only the person uid (memberUid) is an improvement.

Expand comment: Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 14:25

Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 14:25 Handling membership attributes containing only the person uid (memberUid) is an improvement.

Collapse comment: Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 11:59, Edited by Nicolas Gavalda - 16/Jan/13 17:27

Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 11:59 - edited

The current GroupDrivenLdapGroupsManager currently handles only LDAP groups of class "groupOfNames", where memberships are defined as absolute or relative DN:

dn: cn=student,ou=groups,dc=anycontent,dc=anyware
objectClass: groupOfNames
cn: student
member: uid=ngavalda,ou=people,dc=anycontent,dc=anyware    # absolute
member: uid=raphael                                        # relative

Hence the query to retrieve a user's groups: (member=uid={0},ou=people,dc=anycontent,dc=anyware)

If you have only the user uid as the memberUid group attribute, you must have a "posixGroup" class, which is not handled for the moment.

Expand comment: Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 11:59, Edited by Nicolas Gavalda - 16/Jan/13 17:27

Nicolas Gavalda (Inactive) added a comment - 05/Mar/12 11:59 - edited The current GroupDrivenLdapGroupsManager currently handles only LDAP groups of class "groupOfNames", where memberships are defined as absolute or relative DN: dn: cn=student,ou=groups,dc=anycontent,dc=anyware objectClass: groupOfNames cn: student member: uid=ngavalda,ou=people,dc=anycontent,dc=anyware # absolute member: uid=raphael # relative Hence the query to retrieve a user's groups: (member=uid={0},ou=people,dc=anycontent,dc=anyware) If you have only the user uid as the memberUid group attribute, you must have a "posixGroup" class, which is not handled for the moment.

Collapse comment: Raphaël Franchet added a comment - 02/Mar/12 10:57

Raphaël Franchet added a comment - 02/Mar/12 10:57

and again this is strange

                    String userDN = (String) members.next();
                    
                    // Récuperer le login
                    Matcher matcher = _loginExtractionPattern.matcher(userDN);
                    if (matcher.matches())
                    {
                        // Ajouter le login de l'utilisateur courant
                        group.addUser(matcher.group(1));
                    }
                    else
                    {
                        if (getLogger().isWarnEnabled())
                        {
                            getLogger().warn("Unable to get the uid from the LDAP RDN entry : " + userDN);
                        }
                    }

In our ldap, the userDN is directly the login...

Expand comment: Raphaël Franchet added a comment - 02/Mar/12 10:57

Raphaël Franchet added a comment - 02/Mar/12 10:57 and again this is strange String userDN = ( String ) members.next(); // Récuperer le login Matcher matcher = _loginExtractionPattern.matcher(userDN); if (matcher.matches()) { // Ajouter le login de l'utilisateur courant group.addUser(matcher.group(1)); } else { if (getLogger().isWarnEnabled()) { getLogger().warn( "Unable to get the uid from the LDAP RDN entry : " + userDN); } } In our ldap, the userDN is directly the login...

Collapse comment: Raphaël Franchet added a comment - 02/Mar/12 10:54

Raphaël Franchet added a comment - 02/Mar/12 10:54

The field _usersRelativeDN is useless for such an impl ?
So the associated config parameter is also useless

Moreover
filter.append(_groupsMemberAttribute);
filter.append("=" + _usersLoginAttribute + "=

{0},");
should be
filter.append(_groupsMemberAttribute);
filter.append("={0}

,");

Expand comment: Raphaël Franchet added a comment - 02/Mar/12 10:54

Raphaël Franchet added a comment - 02/Mar/12 10:54 The field _usersRelativeDN is useless for such an impl ? So the associated config parameter is also useless Moreover filter.append(_groupsMemberAttribute); filter.append("=" + _usersLoginAttribute + "= {0},"); should be filter.append(_groupsMemberAttribute); filter.append("={0} ,");