Opened 18 years ago
Last modified 15 years ago
#985 new defect
users with different dn in same group
| Reported by: | anonymous | Owned by: | Emmanuel Blot |
|---|---|---|---|
| Priority: | normal | Component: | LdapPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.10 |
Description
Could not see a way to specify the dn for the user if the users are contained in different ou's
I have an ldap structure that separates offices
o=Company
ou=Region
ou=City
ou=Users (not in all cities)
so we could in the same group have say a user named
username1.Users.Tampa.America.Company
username2.Shanghi.Asia.Company
username3.Chicago.America.Company
username4.London.Europe.Company
Could this, since we are already logged in (if we are using ldap i'm assuming authentication is done with ldap also and has been verified or at least know the username) search for the user and get the correct dn to pass to the ldapsearch.
Probably should be in another ticket but while trouble shooting this i was looking at the packets it appears that its searching for all groups in the tree then searches each group to see if the user is a member could we just search the groups that are specified in the permissions table? We have around 100 groups and only one/two groups specified in the permissions table seems a waste to see if the user is in each of the other 98 that trac doesn't care about.
You might check out #3993 and see if that works for you. Not only does it address your second point, but a side-effect of the fix is that it uses get_dn() to search for the full DN of a user.