Even though there is a reverse proxy solution [1] to stand up Apache/NGINX to
authenticate to multiple LDAP servers and have Gerrit use the authentication
from Apache/NGINX, it is not without its own issues. The most common seems to
be the inability to log out [2].

It would be really nice if Gerrit could try multiple LDAP connections. The
gerrit.config could just have multiple [ldap "name"] entries with a searchOrder
value that indicates which order to authenticate with and the first match wins.

[auth]
  type = LDAP
[ldap "domain-A"]
  searchOrder = 1
  server = ldap://ldap.example.com:3268
  username = binduser
  accountBase = OU=UnitA,DC=example,DC=com
  groupBase = OU=UnitA,DC=example,DC=com
  accountPattern = (sAMAccountName=${username})
  accountFullName = displayName
  accountEmailAddress = mail
[ldap "domain-B"]
  searchOrder = 2
  server = ldap://ldap-2.example2.com:3268
  username = binduser
  accountBase = OU=UnitB,DC=example2,DC=com
  groupBase = OU=UnitB,DC=example2,DC=com
  accountPattern = (sAMAccountName=${username})
  accountFullName = displayName
  accountEmailAddress = mail

[1] https://groups.google.com/d/topic/repo-discuss/YZvpqo2BqOY/discussion
[2] https://groups.google.com/d/topic/repo-discuss/7ojGVGE8iSU/discussion
Original issue reported on code.google.com by baron.vo...@gmail.com on 20 May 2015 at 3:15
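
The lookup order requested above, sketched as an added example (not part of the original issue and not Gerrit code). `searchOrder` is the key proposed in this issue, not an existing Gerrit option; `fake_bind` and the in-memory directories are constructed stand-ins for a real LDAP bind. The result carries the domain name because the same sAMAccountName can exist in both directories, and keying the account on the username alone would merge two different people.

```python
import re

# Constructed sample in the proposed format; "searchOrder" is the key proposed
# in this issue, not an existing Gerrit option. Sections are listed out of order.
SAMPLE_CONFIG = """
[ldap "domain-B"]
  searchOrder = 2
  server = ldap://ldap-2.example2.com:3268
[ldap "domain-A"]
  searchOrder = 1
  server = ldap://ldap.example.com:3268
"""

# Constructed stand-in for an LDAP bind: server URL -> {username: password}.
FAKE_DIRECTORIES = {
    "ldap://ldap.example.com:3268": {"alice": "pw-a", "bob": "pw-bob-A"},
    "ldap://ldap-2.example2.com:3268": {"bob": "pw-bob-B", "carol": "pw-c"},
}

def fake_bind(server, username, password):
    return FAKE_DIRECTORIES.get(server, {}).get(username) == password

def parse_ldap_sections(text):
    """Return the [ldap "name"] sections as dicts, sorted by searchOrder."""
    sections, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r'\[ldap\s+"([^"]+)"\]', line)
        if header:
            current = {"name": header.group(1)}
            sections.append(current)
        elif line.startswith("["):
            current = None  # some other section, e.g. [auth]
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    orders = [int(s["searchOrder"]) for s in sections]
    if len(set(orders)) != len(orders):
        raise ValueError("duplicate searchOrder makes 'first match' ambiguous")
    return sorted(sections, key=lambda s: int(s["searchOrder"]))

def authenticate(sections, username, password, bind=fake_bind):
    """Try each domain in order; the first successful bind wins."""
    for section in sections:
        if bind(section["server"], username, password):
            # Return the domain as well: "bob" exists in both directories.
            return section["name"], username
    return None
```

With this ordering a wrong password for a domain-A user is also tried against domain-B, so one failed login counts against the lockout threshold in each directory that has that username.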