More options for ldap group membership #22
Conversation
| '(uniqueMember={userdn})' | ||
| '(memberUid={uid})' | ||
| ')' | ||
| ).format(userdn=userdn, uid=username) |
There was a problem hiding this comment.
I am passing the uid/username. uid in the sense of rfc2307. According to the RFC:
To avoid confusion, the term "login name" refers to the user's login
name (being the value of the uid attribute) and the term "user ID"
refers to he user's integer identification number (being the value of
the uidNumber attribute).
So in this sense, group members are listed in the group with the following ldif:
dn: cn=some_group,ou=Groups,dc=example,dc=com
cn: some_group
gidNumber: 10000
objectClass: posixGroup
objectClass: top
memberUid: someusername
memberUid: someotherusername
|
OpenLDAP is extensible and can be setup to provide either RFC2307 or RFC2307bis trivially. My LDAP schema was defined several years ago based on RFC2307. |
|
Thanks for the patch! I'll cut a release soon :) |
LDAP groups are not entirely one standard. I've added rfc2307 support, as rfc2307bis was mostly there.
rfc2307 defines members of a group to be a short name associated with the
memberUidattribute. Think of/etc/grouprfc2307bis defines members as full DNs associated with either member or uniqueMember attributes.
This adds memberUid and uniqueMember to the search query and attribute list for the group membership search.