Details
-
Bug
-
Resolution: Fixed
-
High
-
None
-
2.1.5
-
None
Description
Our group membership search doesn't pick up users in some LDAP configurations, most notably Active Directory. In AD, a user record and corresponding group record might look like this:
cn=jsmith,cn=Users,dc=example,dc=com
cn: jsmith
objectClass: inetOrgPerson
sAMAccountName: john
cn=confluence-users,cn=Groups,dc=example,dc=com
cn: confluence-users
objectClass: group
member: cn=jsmith,cn=Users,dc=example,dc=com
Confluence assumes incorrectly that the group membership for John Smith would be: smAccountName=john,cn=Users,dc=example,dc=com. Oops.
We should decouple the attribute used for the login name from the group search filter.
Attachments
Issue Links
- relates to
-
CONFSERVER-5305 Non-existent users in groups cause problems when using LDAP
- Closed