Open jaymode opened 6 years ago
Pinging @elastic/es-security
We discussed this in the ES security meeting some months ago and decided that this made sense, but was a low priority. For most of our security realms / protocols we only test against a single sample provider (e.g. SAML tests only run against Shibboleth) and given the relatively infrequency of LDAP compatibility issues this is a low priority change (we'd rather add more SAML tests).
Given that RHDS / 389DS's member-of plugin claims to automatically expand nested groups (see also https://github.com/elastic/elasticsearch/issues/43921), it might be worth adding it to the test suite so that we are running tests against at least 1 server that has nested group support.
Currently our LDAP tests are run against an OpenLDAP fixture. A recent announcement shows the RHEL and SLES are withdrawing support for OpenLDAP in favor of 389-ds. This issue is being opened to discuss testing against the 389-ds server in addition to OpenLDAP testing.