crowd-ldap-server

Added option to return all groups for a user using member attribute

Open bonhamcm opened this issue 11 years ago • 2 comments

bonhamcm avatar Jan 28 '14 14:01 bonhamcm

It would be very nice if this commit could be merged into the repository. Without it, I had no chance to access the Crowd groups.

With this patch I could access the Crowd groups from Gitblit but I got an exception at the end:

```
::filter=(|(&(2.5.4.0=groupofnames)(!(2.5.4.31=*)))(2.5.4.0=referral))
[15:48:41] ERROR [net.wimpi.crowd.ldap.CrowdPartition] - findOneLevel()
org.apache.directory.shared.ldap.exception.LdapInvalidDnException: ERR_04195 Unexpected character {0} at position 0. Excpected start of attributeType.
  at org.apache.directory.shared.ldap.name.FastDnParser.matchAttributeType(FastDnParser.java:296)
  at org.apache.directory.shared.ldap.name.FastDnParser.parseRdnInternal(FastDnParser.java:159)
  at org.apache.directory.shared.ldap.name.FastDnParser.parseDn(FastDnParser.java:101)
  at org.apache.directory.shared.ldap.name.DnParser.parseInternal(DnParser.java:90)
  at org.apache.directory.shared.ldap.name.DN.<init>(DN.java:165)
  at net.wimpi.crowd.ldap.CrowdPartition.findOneLevel(CrowdPartition.java:459)
  at net.wimpi.crowd.ldap.CrowdPartition.findSubTree(CrowdPartition.java:517)
  at net.wimpi.crowd.ldap.CrowdPartition.search(CrowdPartition.java:537)
  at org.apache.directory.server.core.partition.DefaultPartitionNexus.search(DefaultPartitionNexus.java:876)
…
```

It seems that some speciality in the LDAP team selection in Gitblit is the reason: the filter criteria for empty groups. Here is the configuration:

```
# Filter criteria for LDAP groups
#
# Query pattern to use when searching for a team. This may be any valid 
# LDAP query expression, including the standard (&) and (|) operators.
#
realm.ldap.groupMemberPattern = (&(objectClass=groupOfNames)(member=${dn}))

# Filter criteria for empty LDAP groups
#
# Query pattern to use when searching for an empty team. This may be any valid 
# LDAP query expression, including the standard (&) and (|) operators.
#
realm.ldap.groupEmptyMemberPattern = (&(objectClass=groupOfNames)(!(member=*)))
```

I was able to avoid the exception by replacing the following line from the commit

```java
} else if (filter.toString().contains("(2.5.4.31=")) {
```

with this line

```java
} else if (!filter.toString().contains("!(2.5.4.31=") && filter.toString().contains("(2.5.4.31=")) {
```

SEBiGEM avatar Jul 18 '14 14:07 SEBiGEM

:+1:

bassrock avatar Sep 15 '15 17:09 bassrock
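
The two conditions from the comment above, run over the logged filter and two constructed filters, as an added example that is not part of the thread or of crowd-ldap-server's code. `MemberFilterCheck`, `memberDn` and the sample DNs are assumptions; the code works on the filter's string form in OID notation, as it appears in the log.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MemberFilterCheck {
    // 2.5.4.31 is the OID of "member"; the logged filter shows attributes in OID form.
    static final String MEMBER = "(2.5.4.31=";
    // Captures an optional preceding "!" and the asserted value of each member term.
    static final Pattern MEMBER_TERM = Pattern.compile("(!?)\\(2\\.5\\.4\\.31=([^)]*)\\)");

    // Condition from the commit: true for any filter that mentions member.
    static boolean commitCheck(String filter) {
        return filter.contains(MEMBER);
    }

    // Condition from the comment: additionally false when member is negated anywhere.
    static boolean commentCheck(String filter) {
        return !filter.contains("!" + MEMBER) && filter.contains(MEMBER);
    }

    // Hypothetical stricter helper: the first member value that is asserted
    // positively and looks like a DN (no wildcard, contains "attr=value").
    static Optional<String> memberDn(String filter) {
        Matcher m = MEMBER_TERM.matcher(filter);
        while (m.find()) {
            String value = m.group(2);
            boolean negated = !m.group(1).isEmpty();
            if (!negated && !value.contains("*") && value.indexOf('=') > 0) {
                return Optional.of(value);
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        List<String> filters = List.of(
            // Filter from the log above (Gitblit empty-group search).
            "(|(&(2.5.4.0=groupofnames)(!(2.5.4.31=*)))(2.5.4.0=referral))",
            // Constructed: group lookup for one user DN.
            "(&(2.5.4.0=groupofnames)(2.5.4.31=uid=jdoe,ou=users,dc=example,dc=com))",
            // Constructed: one positive and one negated member term.
            "(&(2.5.4.31=uid=jdoe,ou=users,dc=example,dc=com)(!(2.5.4.31=uid=root,ou=users,dc=example,dc=com)))");
        for (String f : filters) {
            System.out.printf("commit=%b comment=%b dn=%s%n  %s%n",
                commitCheck(f), commentCheck(f), memberDn(f).orElse("-"), f);
        }
    }
}
```

For the logged filter only the commit's condition is true, which is the case where `*` reaches the DN parser. The third filter shows a term-level check still finding a positively asserted DN when another member term in the same filter is negated.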