gitlab-ce-ldap-sync icon indicating copy to clipboard operation
gitlab-ce-ldap-sync copied to clipboard
verified publisher icon Adambean

No matching user name found for group member attribute "uniquemember".

Open yasenv-code opened this issue 5 years ago • 6 comments

Hello Adam,

I have the following setup:

queries:
        baseDn:                         dc=awd-group,dc=tech

        userDn:                         ou=People
        userFilter:                     "(objectClass=inetOrgPerson)"
        userUniqueAttribute:            "cn"
        userMatchAttribute:             ~
        userNameAttribute:              "displayName"
        userEmailAttribute:             "mail"

        groupDn:                        "ou=Group"
        groupFilter:                    "(objectClass=groupOfUniqueNames)"
        groupUniqueAttribute:           "cn"
        groupMemberAttribute:           "uniqueMember"

And unfortunately I get this in the log:

[info] Found directory group "test-ldapgitlab".
[warning] Group #65 / member #1: Empty member attribute "uniquemember".
[warning] Group #65 / member #2: No matching user name found for group member attribute "uniquemember".
[warning] Group #65 / member #3: No matching user name found for group member attribute "uniquemember".
[notice] 0 directory group "test-ldapgitlab" member(s) recognised.

Where as you can see my LDAP has members.

image

yasenv-code avatar Mar 17 '20 22:03 yasenv-code

I'm pretty sure that @beharbunjaku implemented this in commit da977aa8007b84c194e6ed43857569641220fd46.

Adambean avatar Mar 18 '20 18:03 Adambean

Hi @yasenv-code, do you believe this is still an issue, or did the commit da977aa8007b84c194e6ed43857569641220fd46 resolve this for you?

Adambean avatar Nov 19 '20 19:11 Adambean

Yep, I still have the same error too.

iovcho avatar Feb 12 '21 16:02 iovcho

I wonder if this is a case sensitive issue. Does your directly have case sensitive attribute names? (E.g. are "uid" and "Uid" considered different. Usually .not.)

Adambean avatar Feb 13 '21 11:02 Adambean

I wonder if this is a case sensitive issue. Does your directly have case sensitive attribute names? (E.g. are "uid" and "Uid" considered different. Usually .not.)

Thanks for fast reply. I think the problem is here, but I am not sure and I don't know how can I fix it:

image

The error is: [warning] Group #1 / member #43: No matching user name found for group member attribute "uniquemember".

here is my config.yml image

I think the problem is uniquemember and uniqueMember (case senitive issue) , but I am not sure 100% . I cannot find where can I fix it.

iovcho avatar Feb 15 '21 08:02 iovcho

Interesting. I use groupOfUniqueNames too (from 389-DS) but I'm using memberUid instead of uniqueMember as the group member attribute. I should be in a position to test this and get back to you.

My initial thought would be that when the group is being iterated for members it's finding only full DNs within uniqueMember instead of just lone user names that memberUid has.

Adambean avatar Feb 15 '21 14:02 Adambean