Skip to content

Issue 180: wrong ldap dn path to search the group #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Mar 20, 2020
Merged

Issue 180: wrong ldap dn path to search the group #199

merged 8 commits into from
Mar 20, 2020

Conversation

@andreaspeters
Copy link
Contributor

@andreaspeters andreaspeters commented Feb 21, 2018

To resolve the users group, the coded used the wrong variables. So, the code was filtering against the users dn, but it have to filter against the group dn. :-) So, I just change it and hope u fell ok with it.

@kvspb kvspb merged commit bf64cf2 into kvspb:master Mar 20, 2020
davidjb added a commit to jcu-eresearch/nginx-auth-ldap that referenced this pull request Mar 23, 2020
@davidjb
Revert "Merge pull request kvspb#199 from AVENTER-UG/issue_180"
16d56ea 
This reverts commit bf64cf2, reversing
changes made to f022103.

This change isn't right -- it an LDAP setup when `group_attribute_is_dn
on` is enabled, which is what this section of code
(kvspb@bf64cf2#diff-c05c0daefb48996cbf510b81002b49bcR2230)
is conditionally targeting.  This original PR kvspb#199 changed the underlying
LDAP query (eg `user_val`) from looking up the user's DN as a group
attribute in LDAP (eg set via the `group_attribute` directive in nginx)
to looking up the _group's_ DN, which isn't right and won't work.

This PR reverts the previous change to make this work correctly again.

Fwiw, the originally-referenced issue kvspb#180 seems to be a completely
different issue, relating to escaping and parentheses.
@davidjb davidjb mentioned this pull request Mar 23, 2020
Merged
mmguero added a commit to mmguero-dev/nginx-auth-ldap that referenced this pull request Apr 20, 2020
@mmguero
Revert "Merge pull request kvspb#199 from AVENTER-UG/issue_180"
4e6f698 
This reverts commit bf64cf2, reversing
changes made to f022103.

This change isn't right -- it an LDAP setup when `group_attribute_is_dn
on` is enabled, which is what this section of code
(kvspb@bf64cf2#diff-c05c0daefb48996cbf510b81002b49bcR2230)
is conditionally targeting.  This original PR kvspb#199 changed the underlying
LDAP query (eg `user_val`) from looking up the user's DN as a group
attribute in LDAP (eg set via the `group_attribute` directive in nginx)
to looking up the _group's_ DN, which isn't right and won't work.

This PR reverts the previous change to make this work correctly again.

Fwiw, the originally-referenced issue kvspb#180 seems to be a completely
different issue, relating to escaping and parentheses.
@mmguero mmguero mentioned this pull request Apr 20, 2020
Closed
kvspb added a commit that referenced this pull request Apr 28, 2020
@kvspb
Merge pull request #234 from jcu-eresearch/fix-group-lookup
83c059b 
Revert #199 to fix group membership lookups
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andreaspeters @kvspb