Opened 14 months ago

#11305 new enhancement

Please support nested groups

Reported by: korn
Owned by: sandinak
Priority: normal
Component: DirectoryAuthPlugin
Severity: normal
Keywords:
Cc:
Trac Release:

Description

Currently, your code finds group memberships by searching for groups that have the user's DN as member.

This doesn't work for nested groups. It might be possible to use memberOf instead (I'm not sure; it's also not universally available); but failing that, there seem to be two approaches:

  1. Build a full internal representation of the entire LDAP group hierarchy. This probably doesn't scale well if there are many groups.
  2. Look up specific groups (e.g. the ones that have special permissions attached in the trac instance) and recursively obtain lists of their members (by checking whether each member is also a group, and enumerating its own members etc.). This is, I think, the better solution overall.
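
A sketch of the second approach, added here as an illustration; it is not part of the ticket and not DirectoryAuthPlugin code. The directory is a constructed in-memory dict standing in for LDAP searches, and `norm`, `lookup_members`, `expand_group`, `user_in_group` and `max_depth` are hypothetical names. It shows the two guards a recursive expansion needs before its result feeds a permission check: a visited set for membership cycles and a depth cap that fails closed.

```python
# Constructed sample directory: group DN -> list of member DNs.
# A real deployment would replace lookup_members() with an LDAP search.
SAMPLE_DIRECTORY = {
    "cn=trac-admins,ou=groups,dc=example,dc=org": [
        "uid=alice,ou=people,dc=example,dc=org",
        "cn=ops,ou=groups,dc=example,dc=org",
    ],
    "cn=ops,ou=groups,dc=example,dc=org": [
        "uid=bob,ou=people,dc=example,dc=org",
        "cn=oncall,ou=groups,dc=example,dc=org",
    ],
    "cn=oncall,ou=groups,dc=example,dc=org": [
        "UID=Carol,OU=People,DC=example,DC=org",
        "cn=ops,ou=groups,dc=example,dc=org",  # cycle back to ops
    ],
}


def norm(dn):
    """Simplified DN normalisation (assumption): trim and lower-case."""
    return dn.strip().lower()


def lookup_members(dn):
    """Return member DNs if dn is a group, or None if it is not a group."""
    return SAMPLE_DIRECTORY.get(norm(dn))


def expand_group(group_dn, lookup=lookup_members, max_depth=10):
    """Collect the user DNs reachable from group_dn through nested groups."""
    users, seen = set(), set()
    stack = [(norm(group_dn), 0)]
    while stack:
        dn, depth = stack.pop()
        if dn in seen:
            continue  # already expanded: breaks membership cycles
        seen.add(dn)
        members = lookup(dn)
        if members is None:
            users.add(dn)  # not a group, so treat it as a user entry
        elif depth < max_depth:
            stack.extend((norm(m), depth + 1) for m in members)
        # groups at max_depth are not expanded (fail closed: no grant)
    return users


def user_in_group(user_dn, group_dn):
    """True if user_dn is a direct or nested member of group_dn."""
    return norm(user_dn) in expand_group(group_dn)
```
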
