AdRoll / hologram

Easy, painless AWS credentials on developer laptops.
Apache License 2.0

The hologram roles feature doesn't work with AD servers #87

Closed copumpkin closed 6 years ago

copumpkin commented 7 years ago

In my original PR for the feature, I had an LDAP query that checked for the role attribute. @BillMedernach changed it in https://github.com/AdRoll/hologram/commit/03519df2ebb218f7422b71c88b06cea86afbdf4f to look for (objectClass=groupOfNames) and that class doesn't exist on several directory servers, which I assume breaks Hologram on servers other than the one AdRoll uses?

I only noticed this just now because I was running on my branch using the original code. Can we make that query configurable or make it more general somehow?

copumpkin commented 7 years ago

To clarify, the painful line in the current codebase is https://github.com/AdRoll/hologram/blob/master/server/usercache.go#L86. I'm not sure what to replace it with, but I'm inclined to just go for the analog of what used to be there, and ask for basically (${luc.roleAttribute}=*) rather than assume any particular class for groups.
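One way to make the role query configurable along the lines proposed above, as an added example that is not Hologram's own code: the `RoleQuery` type, its field names and the `hologramRole` attribute used in `main` are assumptions, and the empty-`ObjectClass` case yields the bare presence filter `(${roleAttribute}=*)` suggested in the comment. Because a configured value ends up inside an LDAP filter, the attribute name is validated against the RFC 4512 attribute-description grammar and the class value is escaped per RFC 4515, so a bad config cannot change the filter's structure.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// RoleQuery is a hypothetical, configurable description of how role entries
// are located. An empty ObjectClass means "do not assume any group class".
type RoleQuery struct {
	RoleAttribute string
	ObjectClass   string
}

// attrName accepts an LDAP attribute description (RFC 4512): a keystring or an OID.
var attrName = regexp.MustCompile(`^([A-Za-z][A-Za-z0-9-]*|[0-9]+(\.[0-9]+)+)$`)

// EscapeFilterValue escapes an assertion value per RFC 4515 so that a configured
// or user-supplied value cannot inject extra filter components.
func EscapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '*', '(', ')', '\\', 0:
			fmt.Fprintf(&b, `\%02x`, c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildRoleFilter returns the search filter for role entries. Without an
// ObjectClass it is a plain presence filter, (roleAttr=*), which works on any
// directory schema; with one it additionally requires that class.
func BuildRoleFilter(q RoleQuery) (string, error) {
	if !attrName.MatchString(q.RoleAttribute) {
		return "", fmt.Errorf("invalid role attribute name %q", q.RoleAttribute)
	}
	presence := fmt.Sprintf("(%s=*)", q.RoleAttribute)
	if q.ObjectClass == "" {
		return presence, nil
	}
	return fmt.Sprintf("(&(objectClass=%s)%s)", EscapeFilterValue(q.ObjectClass), presence), nil
}

func main() {
	// Constructed sample configs: schema-agnostic first, groupOfNames-specific second.
	for _, q := range []RoleQuery{{"hologramRole", ""}, {"hologramRole", "groupOfNames"}} {
		f, err := BuildRoleFilter(q)
		fmt.Println(f, err)
	}
}
```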