author | Scott Dial <geekmug@gmail.com> | 2013-08-11 16:52:51 -0400 |
---|---|---|
committer | Scott Dial <geekmug@gmail.com> | 2013-08-12 21:00:26 -0400 |
commit | 78c978e40741fdbd5103449a14a5b60614d6fcff (patch) | |
tree | 0a458783ab05054161abe5767178cc3adbe157e5 /Documentation | |
parent | 09a35b97254f84624775f15283aa6bffaadcda70 (diff) |
Expand capabilities of ldap.groupMemberPattern
Previously, the pattern supported a limited set of variables that were
either accidentally available (due to their use in other queries) or
hard-coded (e.g., `username` is a special-case that was added).
Furthermore, the documentation made reference to being able to use
variables such as `${uidNumber}` even though they are not actually
supported (since `uidNumber` is normally never queried). Under the
default RFC 2307 configuration of LDAP, the only variables available
were `displayName`, `mail`, `uid`, and `username` (It's noteworthy
that `username` was added as a special-case due to the default
`groupMemberPattern` containing `${username}` even though `username`
is substituted by Gerrit and not LDAP).
This changeset removes the artificial restrictions on the attributes
used in the `groupMemberPattern`. Any variable is assumed to
originate from the account, but `username` is still overridden and
provided by Gerrit (as before). This allows more expressive patterns,
which allows us to fix an outstanding bug in group matching. Previously,
a user whose `gidNumber` matched the group's `gidNumber` would not have
been included in the group. This changeset updates the default
`groupMemberPattern` to account for this issue by adding the additional
case of `(gidNumber=${gidNumber}`.
Bug: Issue 2054
Change-Id: Iff3a14c569a10c1ef693b672f4710fb6f2f8d9a6
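The substitution and the group-matching fix described in the commit message above, as an added example that is not Gerrit's code and not part of the original commit. The account and group entries are constructed, the function names are hypothetical, and the RFC 4515 escaping of substituted values and the flat-filter matcher are assumptions of this example.

```python
import re

OLD_DEFAULT = "(memberUid=${username})"
NEW_DEFAULT = "(|(memberUid=${username})(gidNumber=${gidNumber}))"

# Constructed sample data: alice's primary group is "staff" (gidNumber 1000),
# but she is listed as a memberUid only in "dev".
ACCOUNT = {"uid": "alice", "mail": "alice@example.test", "gidNumber": "1000"}
GROUPS = {
    "staff": {"gidNumber": ["1000"], "memberUid": []},
    "dev": {"gidNumber": ["2000"], "memberUid": ["alice"]},
    "ops": {"gidNumber": ["3000"], "memberUid": ["bob"]},
}

def escape_filter_value(value):
    """Escape filter metacharacters as \\XX (RFC 4515); assumed, not from the page."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(pattern, account, username):
    """Replace ${name} with account attributes; username is caller-supplied."""
    values = dict(account)
    values["username"] = username  # overrides any account attribute of that name
    # A variable missing from the account raises KeyError instead of matching broadly.
    return re.sub(r"\$\{(\w+)\}",
                  lambda m: escape_filter_value(values[m.group(1)]), pattern)

def unescape(value):
    """Undo \\XX escapes so values compare against raw directory data."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def member_groups(pattern, account, username, groups):
    """Evaluate a flat filter, (a=b) or (|(a=b)(c=d)), against group entries."""
    filt = expand(pattern, account, username)
    wanted = [(a, unescape(v)) for a, v in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filt)]
    return sorted(cn for cn, entry in groups.items()
                  if any(v in entry.get(a, []) for a, v in wanted))

if __name__ == "__main__":
    print("old default:", member_groups(OLD_DEFAULT, ACCOUNT, "alice", GROUPS))
    print("new default:", member_groups(NEW_DEFAULT, ACCOUNT, "alice", GROUPS))
```

With the old default the primary group is missed; with the new default it is included alongside the `memberUid` match.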
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/config-gerrit.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index 6228a94ab7..27a0937f63 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -1812,8 +1812,8 @@ corresponding attribute (in this case, `fooBarAttribute`) as read from the user's account object matched under `ldap.accountBase`. Attributes such as `${dn}` or `${uidNumber}` may be useful. + -Default is `(memberUid=${username})` for RFC 2307, -and unset (disabled) for Active Directory. +Default is `(|(memberUid=${username})(gidNumber=${gidNumber}))` for +RFC 2307, and unset (disabled) for Active Directory. [[ldap.groupName]]ldap.groupName:: + |
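Review bot: the new default on the two `+Default is` lines widens who counts as a group member for RFC 2307 sites, but the text does not say so, and group membership feeds access decisions; suggest adding a sentence that the `(gidNumber=${gidNumber})` clause matches the user's primary group, so that sites relying on the default know membership can change on upgrade. The same paragraph would also benefit from stating that `${username}` is supplied by Gerrit while every other variable, including `${gidNumber}`, is read from the account object under `ldap.accountBase`, and from saying what happens to the filter when the account has no `gidNumber` attribute, which the visible text does not cover.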