The group membership lookups in the user and group providers assume that the membership attribute in a group directly maps to the user's name. So this basically only works with LDAP servers implementing the RFC2307 schema (posixGroup). And even then only when the reva uid attribute (OpaqueID) matches the user's name.
I think we need to make this a bit more flexible by supporting:

- "native" LDAP groups, i.e. groups using the groupOfNames object class, where the members are listed as full DNs in the member attribute
- Allow the use of attributes other than the login name for the uid, for example entryUUID or objectGUID (in the Active Directory case), without breaking group membership lookup.
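
The two lookups described in this issue, sketched as an added example (not reva's code): the membership filter is built from the login name for posixGroup and from the user's DN for groupOfNames, so the OpaqueID attribute never takes part in matching, and every value is escaped per RFC 4515 before it enters the filter. `GroupSchema`, `User`, `MembershipFilter` and `escapeFilter` are hypothetical names, `memberUid` is the RFC 2307 membership attribute, and the sample DN and UUID are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// GroupSchema selects how a group entry references its members (hypothetical type).
type GroupSchema int

const (
	RFC2307      GroupSchema = iota // posixGroup: memberUid holds the login name
	GroupOfNames                    // groupOfNames: member holds the full user DN
)

// User is a hypothetical, minimal view of an already resolved LDAP user entry.
type User struct {
	DN       string // full distinguished name of the entry
	Username string // login name
	OpaqueID string // value of the configured ID attribute, e.g. entryUUID
}

// escapeFilter escapes an assertion value per RFC 4515 so it cannot alter the filter.
func escapeFilter(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// MembershipFilter builds the "groups of this user" filter; OpaqueID is never matched.
func MembershipFilter(s GroupSchema, u User) string {
	if s == GroupOfNames {
		return fmt.Sprintf("(&(objectClass=groupOfNames)(member=%s))", escapeFilter(u.DN))
	}
	return fmt.Sprintf("(&(objectClass=posixGroup)(memberUid=%s))", escapeFilter(u.Username))
}

func main() {
	// Constructed sample user; the OpaqueID could equally be an objectGUID.
	u := User{DN: "uid=einstein,ou=users,dc=example,dc=org", Username: "einstein", OpaqueID: "4c510ada-c86b-4815-8820-42cdf82c3d51"}
	fmt.Println(MembershipFilter(RFC2307, u), MembershipFilter(GroupOfNames, u))
}
```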