Allow for empty AD group in LDAP sync
See original GitHub issueWe have an issue where we mirror ldap2pg.yaml across our environments, (test, dev, prod) and have a similar naming scheme for our AD groups.
- ldap:
base: "base_dn_goes_here"
filter: "(CN=${ENV}_name_of_ad_group)" # Replaced at runtime with ENV
role:
name: '{member.cn}'
options: LOGIN SUPERUSER
parent:
- ldap_roles
- owners
on_unexpected_dn: warn
The problem occurs when there are no users in the AD group - something that can also occur if someone quits. ldap2pg will error out saying it has no attribute member
.
As far as I can see, there is no way to have ldap2pg ignore an AD group with no members. I have tried “on_unexpected_dn” but that does not seem to work in this case.
Issue Analytics
- State:
- Created 4 years ago
- Comments:16 (7 by maintainers)
Top Results From Across the Web
Solved: LDAP Group Sync Leaving Member in Empty Groups
There is a System Property to allow 0 members in groups! Instructions I got from ServiceNow support: [-] Go sys_properties table. [-] Click...
Read more >Syncing LDAP groups | OpenShift Container Platform 4.8
OpenShift Container Platform can sync those LDAP records with internal OpenShift Container Platform records, enabling you to manage your groups in one place....
Read more >Empty groups after LDAP group synchronization due to incorrect ...
Solution: When using global catalog port in your LDAP configuration on your TIBCO Spotfire Server configuration with group sync enabled, after a completed ......
Read more >Synchronize user and group details with LDAP - PaperCut
In AD/LDAP field name, enter the name of the field containing the card/ID numbers.
Read more >AD/LDAP groups - Mattermost Documentation
To enable this feature, go to System Console > Groups. Using AD/LDAP group synchronization. To synchronize specific AD/LDAP groups to Mattermost, specify the ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Looks good to me! Seems like a very useful feature, and the warning is definitely a good way to avoid foot-guns!
Is there a flag for treating warnings as errors if the user wants to run in “strict mode” ala Sphinx?
Hi @bersace That would be awesome!