obs-docu icon indicating copy to clipboard operation
obs-docu copied to clipboard

Published 20 hours ago verified publisher icon openSUSE

Clean OBS setup not checking `admin` group on LDAP server

Open byteduty opened this issue 4 years ago • 3 comments

Following the guide here: https://openbuildservice.org/help/manuals/obs-admin-guide/obs.cha.administration.html

My interpretation of the documentation on this line:

ldap_obs_admin_group | Group name for OBS Admins |   | if set, members of that group become OBS admin role
-- | -- | -- | --

Is that anybody in the said LDAP group should have an Admin role on OBS?

However, although my LDAP works for a standard user login, none of the users who are members of the admin group have ADMIN privilege on OBS.

Additionally, I did some debugging on my openldap server, and I do not see a request for the ADMIN group at any time.

Does the option "ldap_obs_admin_group: obs-adm" actually work?

Thanks, Colin.

byteduty avatar Dec 16 '20 10:12 byteduty

There is no trace of this option in the source code. This is a case of wrong documentation.

hennevogel avatar Jan 04 '21 13:01 hennevogel

@hennevogel Does this mean there is no means to describe the OBS users with admin privileges in LDAP? If so that is a fairly major hole in the LDAP support.

byteduty avatar Jan 05 '21 12:01 byteduty

Can't say, I'm not too familiar with that part sorry.

hennevogel avatar Jan 05 '21 16:01 hennevogel