Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow for empty AD group in LDAP sync
See original GitHub issueWe have an issue where we mirror ldap2pg.yaml across our environments, (test, dev, prod) and have a similar naming scheme for our AD groups.
- ldap:
base: "base_dn_goes_here"
filter: "(CN=${ENV}_name_of_ad_group)" # Replaced at runtime with ENV
role:
name: '{member.cn}'
options: LOGIN SUPERUSER
parent:
- ldap_roles
- owners
on_unexpected_dn: warn
The problem occurs when there are no users in the AD group - something that can also occur if someone quits. ldap2pg will error out saying it has no attribute member.
As far as I can see, there is no way to have ldap2pg ignore an AD group with no members. I have tried “on_unexpected_dn” but that does not seem to work in this case.
Issue Analytics
- State:
- Created 4 years ago
- Comments:16 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Looks good to me! Seems like a very useful feature, and the warning is definitely a good way to avoid foot-guns!
Is there a flag for treating warnings as errors if the user wants to run in “strict mode” ala Sphinx?
Hi @bersace That would be awesome!