Closed nnnlyy closed 3 years ago
No matching user name found for group attribute " member"
Looks like you've got an extra space before the attribute name there. Check your "config.yml" to ensure this isn't the case.
No matching user name found for group attribute " member"
Looks like you've got an extra space before the attribute name there. Check your "config.yml" to ensure this isn't the case.
I am sure that no extra space before "member", here is part of my config ` queries: baseDn: "dc=hihonor,dc=com"
userDn: ""
userFilter: "(&(objectClass=person)(objectClass=user)(!(objectClass=computer)))"
userUniqueAttribute: "CN"
userMatchAttribute: "distinguishName"
userNameAttribute: "CN"
userEmailAttribute: "mail"
groupDn: ""
groupFilter: "(objectClass=group)"
groupUniqueAttribute: "cn"
groupMemberAttribute: "member"`
I think this config have some problem, but they can get right size for group and user in groups.
Are you using Active Directory?
I think you'll need your "userUniqueAttribute" setting to be the default "uid", not "cn". For example on my Active Directory the contents of my object's "uid" field is what I type as my username to login. The other possibility would be "sAMAccountName". This would also mean that your "groupMemberAttribute" setting would likely need to be "memberUid" instead of "member".
I say "think" because I've never used this tool against Active Directory, I primarily use it with 389-DS.
yep, I use AD , BUT when I use "memberUid" that no user will out. " member" can get right size of user. and could you show me a pic about the right running status. I wanna have an example of the tool.
and
[ error] Gitlab failure: 403 Forbidden
do you have any idea for this error, I set token in Gitlab page to generate my personal token
Hi, Adam, I think I solved this issue, that because our LDAP has no email attribute in the array. so I delete the code about email, and I run it. by the way, thanks for your reply.
I think I solved this issue, that because our LDAP has no email attribute in the array. so I delete the code about email, and I run it.
That was very unexpected. Do you not record an email address with your users at all?
If that's the case I can modify the tool to ignore such users, because Gitlab wouldn't accept them anyway.
I think I solved this issue, that because our LDAP has no email attribute in the array. so I delete the code about email, and I run it.
That was very unexpected. Do you not record an email address with your users at all?
If that's the case I can modify the tool to ignore such users, because Gitlab wouldn't accept them anyway.
yep, you are right, gitlab must have email, so I ask ldap department for this attribute, anyway thks a lot. and I wanna know whether the ldap user array only get 1001 members? indeed, we have 10000+ users.
I've not intentionally put in a limit of ~1000 users, though Gitlab may impose this without enterprise licensing. If you've hit a specific error in that regard and think it's in this took I'd request you file this as a separate issue.
hi, I have some problems when I run problem 1:
php bin/console ldap:sync -vvv
the console show that Group # / member #1: No matching user name found for group attribute " member"but the number of groups is true, and the number of user in groups also right, but I can not see any user's information, like name or NO.
problem 2: when I run
php bin/console ldap:sync -vvv
in the end show that[ error] Gitlab failure: 403 Forbidden
but there has already connected gitlab and can get gitlab user.