MemberOf or IsMemberOf is not available on LDAP server #323

Closed
bhunut-adobe opened this issue Jan 4, 2018 · 6 comments

@bhunut-adobe
Collaborator

We have a couple of customers whose LDAP directory does not have MemberOf, IsMemberOf, or a similar virtual attribute enabled or supported on the LDAP server.

For UST to work for these customers, we will need to do a two-step lookup.

We will need to look for the Group object for group membership, then take the group membership DN and do a second lookup for the Person object.

I believe pre-UST 2.0 didn't utilize the memberOf attribute. Is there a way to do this for the current version?

@bhunut-adobe
Collaborator Author

@adobeDan I added a feature to UST to support two-step lookup. What do you think?
bhunut-adobe@3520590

@adobeDan adobeDan added this to the 2.3 milestone Jan 10, 2018
@adobeDan
Contributor

adobeDan commented Jan 10, 2018

Yes, this is worth doing for those few people who don't have the memberOf extension loaded. Look at the comments I left on your commit and make those changes before you create a PR. Also you'll need to update the actual docs; work with @phil-levy on that.

One of the issues here is that some systems don't put the DN in the attribute; they put the OID (especially for uniqueMemberOf). We don't collect or keep OIDs anymore, so there's no way to look up by that. You might want to think about whether there's an easy way to go from the OID to the DN.
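
The two-step lookup discussed in the two comments above, as an added example that is not part of the thread, UST, or the linked commit. It assumes the common `member` / `uniqueMember` group attributes and an `inetOrgPerson` person class; `DIRECTORY` is constructed sample data, and `read_entry` and `resolve_group_members` are hypothetical names, with `read_entry` standing in for a base-scope LDAP read of a single DN.

```python
# Added illustration, not UST code. DIRECTORY is constructed sample data and
# read_entry() is a hypothetical stand-in for a base-scope LDAP read of one DN.
MEMBER_ATTRS = ("member", "uniqueMember")

G = "ou=groups,dc=example,dc=com"
P = "ou=people,dc=example,dc=com"
DIRECTORY = {  # keys are lower-cased DNs
    f"cn=designers,{G}": {
        "objectClass": ["groupOfNames"],
        "member": [
            f"uid=alice,{P}",
            "UID=Bob,OU=People,DC=example,DC=com",  # same entry as uid=bob, other case
            f"uid=bob,{P}",                         # duplicate value
            f"cn=printers,{G}",                     # nested group, not a person
            f"uid=ghost,{P}",                       # dangling reference
            "4f2a9c10",                             # constructed opaque ID, not a DN
        ],
    },
    f"cn=printers,{G}": {"objectClass": ["groupOfNames"], "member": []},
    f"uid=alice,{P}": {"objectClass": ["inetOrgPerson"], "mail": ["alice@example.com"]},
    f"uid=bob,{P}": {"objectClass": ["inetOrgPerson"], "mail": ["bob@example.com"]},
}

def read_entry(dn):
    """Return the attributes of one entry, or None if it does not exist."""
    return DIRECTORY.get(dn.lower())  # simplified DN matching: case-fold only

def resolve_group_members(group_dn, person_class="inetOrgPerson"):
    """Step 1: read the group's member values. Step 2: read each member DN."""
    group = read_entry(group_dn)
    if group is None:
        raise LookupError(f"group not found: {group_dn}")
    users, unresolved, seen = [], [], set()
    for attr in MEMBER_ATTRS:
        for value in group.get(attr, []):
            if value.lower() in seen:
                continue  # same member listed twice
            seen.add(value.lower())
            # Heuristic: a DN has at least one attr=value pair; anything else
            # (such as an opaque ID) cannot be used as a search base.
            entry = read_entry(value) if "=" in value else None
            if entry and person_class in entry.get("objectClass", []):
                users.append(entry["mail"][0])
            else:
                unresolved.append(value)
    return users, unresolved

if __name__ == "__main__":
    print(resolve_group_members(f"cn=designers,{G}"))
```

Member values that cannot be resolved to a person entry are returned separately instead of being dropped, so a sync run can report group membership it did not process.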

@phil-levy
Contributor

For documentation, you can add a section to the chapter on random topics (in the User Manual, section Advanced Configuration). Just add a section at the end called "Special Configuration If IsMemberOf Is Not Available on Your LDAP Server". The file is
https://github.com/adobe-apiplatform/user-sync.py/blob/v2/docs/en/user-manual/advanced_configuration.md
(but in your fork).

@adobeDan
Contributor

@bhunut-adobe I'd like to get 2.3 out sometime in the next week or two. Do you think you'll have a chance to get this done? If not it will have to wait for 2.3.1.

@tobiasbp

tobiasbp commented May 14, 2018

@adobeDan: Any news on a 2.3 release with this feature added?

Update:
Looking around more, it looks like this (#334) implementation has been dropped. Correct?

@adorton-adobe adorton-adobe removed this from the 2.3 milestone Jun 13, 2018
@thong1github

Is this feature still under development, or will it remain unsupported? @adobeDan @bhunut-adobe

@adorton-adobe adorton-adobe added this to the v2.4 milestone Nov 27, 2018