LDAP group filters

Hi there, I'm running TeamCity 2018.2.4 and have successfully managed to connect my LDAP repository.

While users are synced properly, I have an issue with groups.

The LDAP directory I'm using doesn't have any attribute that stores `DN` on groups. The closes attribute I have is the node name.

Group DN is `cn=AllUsers,ou=groups,dc=...,dc=com` and `cn=AllUsers` is set on the group.

My TeamCity configuration is the following

teamcity.options.groups.synchronize=true
teamcity.groups.base=ou=groups
teamcity.groups.filter=(objectClass=groupofUniqueNames)
# teamcity.groups.distinguishedName= no attribute contains the dn, so it defaults to `distinguishedName`

The resulting filter is:

(&(objectClass=groupofUniqueNames)(distinguishedName=cn=AllUsers,ou=groups,dc=cloudflaretest,dc=oktapreview,dc=com))

Is there a way to override this filter and replace it by custom one? Ideally, I would like to replace it with

(&(objectClass=groupofUniqueNames)(cn=AllUsers))

That's what I use when querying my LDAP directory with `ldapsearch`, specifying the base as a separate parameter.

2 comments
Comment actions Permalink

Hello,

Unfortunately, there is no way to turn off that search by distinguishedName attribute.

We have an alike sounding issue in our tracker: https://youtrack.jetbrains.com/issue/TW-44079, though.

0
Comment actions Permalink

Thanks Yegor!

The issue sounds very similar. I'll look forward to have it.

0

Please sign in to leave a comment.