Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 2.4.0
- None
Description
If a member attribute value looks like this:
"<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org", then sync stops working.
Adding 2 new properties (to find the DN or the id of the member):
"authentication.ldap.sync.userMemberReplacePattern"
"authentication.ldap.sync.groupMemberReplacePattern"
These values are empty by default.
Example usage:
If we get this as the ldapsearch response for a group member:
member="<SID=...>;<GUID=...>;cn=myCn,dc=apache,dc=org"
we need to define a regex that contains a named group called member to mark the location of the DN or id, e.g. (?<member>.*):
authentication.ldap.sync.userMemberReplacePattern=(?<sid>.*);(?<guid>.*);(?<member>.*)
Then the result will be: "cn=myCn,dc=apache,dc=org"
Also added 2 more new properties as an alternative solution:
"authentication.ldap.sync.userMemberFilter"
"authentication.ldap.sync.groupMemberFilter"
These values are also empty by default.
Example usage:
If the member value is:
memberUid=mymemberId
then you can specify the filter for user sync:
"authentication.ldap.sync.userMemberFilter=(&(objectclass=posixaccount)(uid={member}))"
That filter will be used (with the baseDN) to find the user with that memberUid:
(&(objectclass=posixaccount)(uid=mymemberid))
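
The two mechanisms described above, as an added example that is not Ambari's own code: the replace pattern pulls the DN out of the prefixed member value, and the filter template has {member} substituted. The class and method names are hypothetical. The fallback to the raw value when the pattern does not match, and the RFC 4515 escaping of the member value before substitution, are assumptions of this sketch (the value comes from the directory, so filter metacharacters in it should not be able to change the filter's structure).

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MemberSyncExample {
    // Pattern from the description (value of userMemberReplacePattern).
    static final Pattern REPLACE_PATTERN =
        Pattern.compile("(?<sid>.*);(?<guid>.*);(?<member>.*)");

    // Returns the text captured by the "member" group, or the raw value when
    // the pattern does not match (assumed fallback so plain DNs still work).
    static String extractMember(Pattern pattern, String rawValue) {
        Matcher m = pattern.matcher(rawValue);
        return m.matches() ? m.group("member") : rawValue;
    }

    // Escapes the characters RFC 4515 reserves inside a filter assertion value.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Substitutes the escaped member value into the configured filter template.
    static String buildMemberFilter(String template, String member) {
        return template.replace("{member}", escapeFilterValue(member));
    }

    public static void main(String[] args) {
        // Constructed sample values; the SID and GUID contents are placeholders.
        String raw = "<SID=0105>;<GUID=ab12>;cn=myCn,dc=apache,dc=org";
        String template = "(&(objectclass=posixaccount)(uid={member}))";
        System.out.println(extractMember(REPLACE_PATTERN, raw));
        System.out.println(buildMemberFilter(template, "mymemberId"));
        // A member value containing filter metacharacters stays a single literal.
        System.out.println(buildMemberFilter(template, "a)(b*"));
    }
}
```

Because the groups in the pattern are greedy `.*`, a DN that itself contains a semicolon would shift the split point; writing the first two groups as `[^;]*` keeps the member group anchored after the second separator.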