Fixed dynamic group ldap access

[blizzz]

Jenkins PR for #23344

Code-style changes added.

[mention-bot]

By analyzing the blame information on this pull request, we identified @alexweirig, @leo-b and @GreenArchon to be potential reviewers

[MorrisJobke]

@SergioBertolinSG @davitol @blizzz Could you check this out?

[SergioBertolinSG]

We don't have a ldap server with dynamic groups. Last time I tried to set it up with @blizzz many problems arose, There is an ldap server with dynamic groups in an already prepared docker which we can use?

Also mentioning @davicente here.

[MorrisJobke]

There is an ldap server with dynamic groups in an already prepared docker which we can use?

I have no idea, but maybe @alexweirig has an idea how to test this (or how to fire up a useful LDAP server) :)

[blizzz]

@SergioBertolinSG it took me 5 minutes with a fresh docker instance…

[MorrisJobke]

@SergioBertolinSG it took me 5 minutes with a fresh docker instance…

Please share your knowledge and drop it in the wiki :)

[blizzz]

@SergioBertolinSG it took me 5 minutes with a fresh docker instance…

Please share your knowledge and drop it in the wiki :)

Based on a docker-image from private repo. Thus I provided a pastebin to @SergioBertolinSG on IRC in middle of April, but know it's run out of course. Need to do it again.

[MorrisJobke]

Based on a docker-image from private repo. Thus I provided a pastebin to @SergioBertolinSG on IRC in middle of April, but know it's run out of course. Need to do it again.

THen maybe build it in open source 🙈

[blizzz]

Not my decision :p

[blizzz]

# service slapd start

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/dyngroup.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=dyngroup,cn=schema,cn=config"

# ldapmodify -D "$BINDDN" -w $PASSWORD 
version: 1
dn: cn=DynamicGroup,$GROUPBASEDN
changetype: add
objectClass: groupOfURLs
cn: DynamicGroup
memberUrl: ldap:///$USERBASEDN??sub?(objectClass=inetOrgPerson)

With that docker containter, the LDAP server must be startet first (1. command), then the schema needs to be added (2. command) and finally a dynamic group needs to be created, in this example it will have all users underneath a certain base as members (3. command)

[SergioBertolinSG]

When I use second command inside the container I get:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

@blizzz how are you running this commands? (this is using a fresh new container)

[blizzz]

@SergioBertolinSG

All I did outside of docker was

sudo docker build .
sudo docker run -t -i -d -p 389:389 e7f205338b56
sudo docker attach d2ca37d81ecfe3f06593f6bc26c96ee80905c53dfc3e505c2070c560bb1078c1

Everything else inside docker describe in #23450 (comment)

Nothing else. That's all.

[SergioBertolinSG]

Works fine 👍

[blizzz]

My vote was on the original PR: #23344 (comment)

[blizzz]

And Contributor signed the CLA meanwhile.

[blizzz]

Needs backport to 9.0, because it fixes #23081

[PVince81]

stable9: #24950

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.