This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adjust "groupfilter" to be able to search by member name (#2436)
Previously the input for the LDAP Groupfilter to look up all groups a specific user is a member of was the userpb.UserId part of the User object. I.e. it assumed we could run a single LDAP query to get all groups a user is a member of by specifying the userid. However, most LDAP Servers store the GroupMembership by either username (e.g. in the memberUID attribute) or by the user's DN (e.g. in member/uniqueMember). The GetUserGroups method was already updated recently to do a two-staged lookup (first look up the user's name by Id, then search the Groups by username). This change just removes the userpb.UserId template processing from the GroupFilter and replaces it with a single string (the username) to get rid of the annoying `{{.}}` template values in the config. In the future we should add a config switch to also allow lookups by member DN.
Showing 5 changed files with 22 additions and 19 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Change: Replace template in GroupFilter for UserProvider with a simple string | ||
|
||
Previously the "groupfilter" configuration for the UserProvider expected a | ||
go-template value (based of of an `userpb.UserId` as it's input). And it | ||
assumed we could run a single LDAP query to get all groups a user is member of | ||
by specifying the userid. However most LDAP Servers store the GroupMembership | ||
by either username (e.g. in memberUID Attribute) or by the user's DN (e.g. in | ||
member/uniqueMember). | ||
|
||
This change removes the userpb.UserId template processing from the groupfilter | ||
and replaces it with a single string (the username) to cleanup the config a | ||
bit. Existing configs need to be update to replace the go template references | ||
in `groupfilter` (e.g. `{{.}}` or `{{.OpaqueId}}`) with `{{query}}`. | ||
|
||
https://github.com/cs3org/reva/pull/2436 |
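Review bot: The migration instruction in the last paragraph of this changelog ("replace the go template references in `groupfilter` ... with `{{query}}`") gives operators no before/after filter to copy, and nothing in the entry says whether the username substituted for `{{query}}` is escaped for LDAP filter syntax before the search runs. Suggest adding one sample `groupfilter` value in its old and new form plus a sentence on how the substituted value is handled. Wording fixes in the same entry: "based of of an `userpb.UserId` as it's input" should read "based on a `userpb.UserId` as its input", "need to be update" should be "need to be updated", and "to cleanup the config" should be "to clean up the config".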