Uploaded image for project: 'Hue (READ ONLY)'
  1. Hue (READ ONLY)
  2. HUE-1767

[useradmin] Ensure posix groups and other groups are separated

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.5.0
    • Component/s: core.users
    • Labels:
      None
    • Easy:
      Easy

      Description

      If you specify "memberUid" as the "group_member_attr" and try to add sync groups and import new members while using posixGroups in ldap, it fails with:

      Processing exception: Distinguished Name provided does not contain configured Base DN. Base DN: dc=test,dc=com, DN: hadoop: None

      This is because of this section of ldap_access.py:

      member_attr = desktop.conf.LDAP.GROUPS.GROUP_MEMBER_ATTR.get()
      if member_attr in data:
      ldap_info['members'] = data[member_attr]
      else:
      ldap_info['members'] = []

      if 'posixGroup' in data['objectClass'] and 'memberUid' in data:
      ldap_info['posix_members'] = data['memberUid']
      else:
      ldap_info['posix_members'] = []

      This adds the users to both members and posix_members because they specified the memberUid and we only include memberUid in the posixGroup if statement. It works if you don't specify group_member_attr and the default of "member" is used, however, in posixGroup environments, they won't necessarily leave "group_member_attr" empty, they would probably set it to memberUid.

        Attachments

          Activity

            People

            • Assignee:
              cconner Chris Conner
              Reporter:
              cconner Chris Conner
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: