Adambean / gitlab-ce-ldap-sync

Synchronise users and groups (including group members) from an LDAP instance with Gitlab CE (and EE in free tier) self-hosted instance(s).
Apache License 2.0

No matching user name found for group member attribute "uniquemember". #19

Open yasenv-code opened 4 years ago

yasenv-code commented 4 years ago

Hello Adam,

I have the following setup:

queries:
        baseDn:                         dc=awd-group,dc=tech

        userDn:                         ou=People
        userFilter:                     "(objectClass=inetOrgPerson)"
        userUniqueAttribute:            "cn"
        userMatchAttribute:             ~
        userNameAttribute:              "displayName"
        userEmailAttribute:             "mail"

        groupDn:                        "ou=Group"
        groupFilter:                    "(objectClass=groupOfUniqueNames)"
        groupUniqueAttribute:           "cn"
        groupMemberAttribute:           "uniqueMember"

And unfortunately I get this in the log:

[info] Found directory group "test-ldapgitlab".
[warning] Group #65 / member #1: Empty member attribute "uniquemember".
[warning] Group #65 / member #2: No matching user name found for group member attribute "uniquemember".
[warning] Group #65 / member #3: No matching user name found for group member attribute "uniquemember".
[notice] 0 directory group "test-ldapgitlab" member(s) recognised.

Whereas, as you can see, my LDAP has members.

image

Adambean commented 4 years ago

I'm pretty sure that @beharbunjaku implemented this in commit da977aa8007b84c194e6ed43857569641220fd46.

Adambean commented 3 years ago

Hi @yasenv-code, do you believe this is still an issue, or did the commit da977aa8007b84c194e6ed43857569641220fd46 resolve this for you?

iovcho commented 3 years ago

Yep, I still have the same error too.

Adambean commented 3 years ago

I wonder if this is a case sensitive issue. Does your directory have case sensitive attribute names? (E.g. are "uid" and "Uid" considered different? Usually not.)

iovcho commented 3 years ago

> I wonder if this is a case sensitive issue. Does your directory have case sensitive attribute names? (E.g. are "uid" and "Uid" considered different? Usually not.)

Thanks for the fast reply. I think the problem is here, but I am not sure and I don't know how I can fix it:

image

The error is: [warning] Group #1 / member #43: No matching user name found for group member attribute "uniquemember".

here is my config.yml image

I think the problem is uniquemember and uniqueMember (case sensitive issue), but I am not 100% sure. I cannot find where I can fix it.

Adambean commented 3 years ago

Interesting. I use groupOfUniqueNames too (from 389-DS) but I'm using memberUid instead of uniqueMember as the group member attribute. I should be in a position to test this and get back to you.

My initial thought would be that when the group is being iterated for members it's finding only full DNs within uniqueMember instead of just lone user names that memberUid has.
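
The two explanations raised in this thread (attribute names that differ only in case, and uniqueMember holding full DNs where memberUid holds bare user names) can both be handled when group members are resolved. The following Python example is added here and is not code from gitlab-ce-ldap-sync or from anyone in the thread; every function name and directory entry in it is hypothetical, and it assumes that lower-casing is an acceptable comparison for DNs and user names.

```python
# Added illustration: all names are hypothetical and the directory data is constructed.
USERS = [
    {"dn": "cn=alice,ou=People,dc=example,dc=org", "cn": ["alice"]},
    {"dn": "cn=bob,ou=People,dc=example,dc=org", "cn": ["bob"]},
]
GROUP = {"dn": "cn=test-group,ou=Group,dc=example,dc=org", "uniqueMember": [
    "", "CN=Alice, OU=People, DC=example, DC=org",
    "cn=mallory,ou=People,dc=example,dc=org", "bob"]}

def get_attr(entry, name):
    """Return an attribute's values, matching the attribute name case-insensitively."""
    wanted = name.lower()
    return next((v for k, v in entry.items() if k.lower() == wanted), [])

def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped characters (RFC 4514) inside a part."""
    parts, buf, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf += text[i:i + 2]  # copy the escape pair untouched
            i += 2
            continue
        if text[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += text[i]
        i += 1
    return parts + [buf]

def normalise_dn(dn):
    """Comparison form of a DN: trimmed, lower-cased 'type=value' RDNs."""
    pairs = (rdn.partition("=") for rdn in split_unescaped(dn, ","))
    return ",".join(f"{t.strip().lower()}={v.strip().lower()}" for t, _, v in pairs)

def resolve_members(group, users, member_attr, unique_attr):
    """Map member values (bare user names or full DNs) to user names."""
    by_dn = {normalise_dn(u["dn"]): u for u in users}
    by_name = {get_attr(u, unique_attr)[0].lower(): u for u in users if get_attr(u, unique_attr)}
    resolved, unmatched = [], []
    for value in filter(None, (v.strip() for v in get_attr(group, member_attr))):  # skips empty values
        # A DN is compared whole, never by substring, so it cannot map to a different account.
        user = by_dn.get(normalise_dn(value)) if "=" in value else by_name.get(value.lower())
        if user:
            resolved.append(get_attr(user, unique_attr)[0])
        else:
            unmatched.append(value)
    return resolved, unmatched
```

`resolve_members(GROUP, USERS, "uniquemember", "cn")` returns the matched user names together with the member values that matched no user, so an unknown DN is reported rather than silently granted membership.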