• Type: Bug
• Resolution: Fixed
• Priority: Medium
• Fix Version/s: 3.5
• Affects Version/s: 2.1.3
• Component/s: None
• Labels:

  • affects-server
  • users&groups

[CONFSERVER-5305] Non-existent users in groups cause problems when using LDAP

Collapse comment: Matt Ryall added a comment - 17/Mar/2006 4:35 AM

Matt Ryall added a comment - 17/Mar/2006 4:35 AM

You're right. This issue was known but not documented anywhere.

I've raised CONF-5723 to track it. Please add your vote there.

Expand comment: Matt Ryall added a comment - 17/Mar/2006 4:35 AM

Matt Ryall added a comment - 17/Mar/2006 4:35 AM You're right. This issue was known but not documented anywhere. I've raised CONF-5723 to track it. Please add your vote there.

Collapse comment: Wolfram Richter added a comment - 16/Mar/2006 12:07 PM

Wolfram Richter added a comment - 16/Mar/2006 12:07 PM

Please decouple the Attribute used for the login name from the group search filter.
The attribute used for login is not necessarily the same as the member attribute of the group.
This is especially the case with MS AD, where the loginname would be the sAMaccountName attribute of the User, while the member attribute of AD groups contains the users full DN.
As of now, there is no meaningful use of LDAP integration with AD.

Expand comment: Wolfram Richter added a comment - 16/Mar/2006 12:07 PM

Wolfram Richter added a comment - 16/Mar/2006 12:07 PM Please decouple the Attribute used for the login name from the group search filter. The attribute used for login is not necessarily the same as the member attribute of the group. This is especially the case with MS AD, where the loginname would be the sAMaccountName attribute of the User, while the member attribute of AD groups contains the users full DN. As of now, there is no meaningful use of LDAP integration with AD.