Details
-
Type: Bug
-
Status: Resolved
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 3.0.0
-
Fix Version/s: 3.5.0
-
Component/s: core.users
-
Labels:None
-
Easy:Easy
Description
If you specify "memberUid" as the "group_member_attr" and try to add sync groups and import new members while using posixGroups in ldap, it fails with:
Processing exception: Distinguished Name provided does not contain configured Base DN. Base DN: dc=test,dc=com, DN: hadoop: None
This is because of this section of ldap_access.py:
member_attr = desktop.conf.LDAP.GROUPS.GROUP_MEMBER_ATTR.get()
if member_attr in data:
ldap_info['members'] = data[member_attr]
else:
ldap_info['members'] = []
if 'posixGroup' in data['objectClass'] and 'memberUid' in data:
ldap_info['posix_members'] = data['memberUid']
else:
ldap_info['posix_members'] = []
This adds the users to both members and posix_members because they specified the memberUid and we only include memberUid in the posixGroup if statement. It works if you don't specify group_member_attr and the default of "member" is used, however, in posixGroup environments, they won't necessarily leave "group_member_attr" empty, they would probably set it to memberUid.