Modify

Opened 8 years ago

Last modified 5 years ago

#985 new defect

users with different dn in same group

Reported by: anonymous Owned by: eblot
Priority: normal Component: LdapPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Could not see a way to specify the dn for the user if the users are contained in different ou's

I have an ldap structure that separates offices

o=Company
ou=Region
ou=City
ou=Users (not in all cities)

so we could in the same group have say a user named

username1.Users.Tampa.America.Company
username2.Shanghi.Asia.Company
username3.Chicago.America.Company
username4.London.Europe.Company

Could this, since we are already logged in (if we are using ldap i'm assuming authentication is done with ldap also and has been verified or at least know the username) search for the user and get the correct dn to pass to the ldapsearch.

Probably should be in another ticket but while trouble shooting this i was looking at the packets it appears that its searching for all groups in the tree then searches each group to see if the user is a member could we just search the groups that are specified in the permissions table? We have around 100 groups and only one/two groups specified in the permissions table seems a waste to see if the user is in each of the other 98 that trac doesn't care about.

Attachments (0)

Change History (1)

comment:1 Changed 5 years ago by andrewcooper

You might check out #3993 and see if that works for you. Not only does it address your second point, but a side-effect of the fix is that it uses get_dn() to search for the full DN of a user.

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.