Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP backend for graph API doesn't handle binary UUID correctly #5815

Closed
rhafer opened this issue Mar 13, 2023 · 1 comment
Closed

LDAP backend for graph API doesn't handle binary UUID correctly #5815

rhafer opened this issue Mar 13, 2023 · 1 comment
Assignees
@rhafer
Labels
p3-medium Type:Bug

Comments

@rhafer
Copy link
Contributor

rhafer commented Mar 13, 2023

Describe the bug

The IDP and the reva service allow to use binary encode UUIDs as the user/group ids (by setting LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING="true", LDAP_USER_SCHEMA_ID_IS_OCTETSTRING="true" and IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary. This is important as Active Directory's objectGUID attribute is encoded that way.

Unfortunately the LDAP backend in graph is currently lacking support for handling those types of user ids. In order to support AD as a user backend we need to add LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING="true"andLDAP_USER_SCHEMA_ID_IS_OCTETSTRING="true"`support to the graph service.
@rhafer rhafer mentioned this issue Mar 29, 2023
Closed
@rhafer
Copy link
Contributor Author

rhafer commented Apr 3, 2023

First part of the fix is here: cs3org/reva#3767

Some additional changes are required in the graph service. Fix will come after the above PR is merged.

@rhafer rhafer self-assigned this Apr 5, 2023
@rhafer rhafer moved this from Qualification to In progress in Infinite Scale Team Board Apr 5, 2023
rhafer added a commit to rhafer/ocis that referenced this issue Apr 27, 2023
@rhafer
graph: Allow using binary LDAP UUIDs as user ids
f0a4db4 
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)

Fixes: owncloud#5815
rhafer added a commit to rhafer/ocis that referenced this issue Apr 27, 2023
@rhafer
graph: Allow using binary LDAP UUIDs as user ids
56ea681 
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)

Fixes: owncloud#5815
rhafer added a commit to rhafer/ocis that referenced this issue May 2, 2023
@rhafer
graph: Allow using binary LDAP UUIDs as user ids
5987bc3 
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)

Fixes: owncloud#5815
rhafer added a commit to rhafer/ocis that referenced this issue May 2, 2023
@rhafer
graph: Allow using binary LDAP UUIDs as user ids
600e88e 
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)

Fixes: owncloud#5815
rhafer added a commit to rhafer/ocis that referenced this issue May 3, 2023
@rhafer
graph: Allow using binary LDAP UUIDs as user ids
13718e5 
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)

Fixes: owncloud#5815
@rhafer rhafer closed this as completed in 1ad3121 May 3, 2023
@github-project-automation github-project-automation bot moved this from In progress to Done in Infinite Scale Team Board May 3, 2023
fschade pushed a commit that referenced this issue Jul 10, 2023
@rhafer @fschade
graph: Allow using binary LDAP UUIDs as user ids
211d029 
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)

Fixes: #5815
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rhafer rhafer

Labels
p3-medium Type:Bug
Projects
Infinite Scale Team Board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rhafer