Details
- Improvement
- Resolution: Fixed
- Minor
- 2.2.0
Description
A new pull request was created at https://github.com/Internet2/grouper/pull/50. Please consider adding the changes to future patches or releases.
The changes proposed are for a new method based on the existing convertAdMemberDnToSpecificValue method. It includes the following:
- case-insensitive base DN check for whether a DN is within a base suffix
- convertAdMemberDnToSpecificValue assumes that cn values are always equal to sAMAccountName values. This should work for most environments, but makes the method AD-specific. The proposed changes make a more generic LDAP query and set the member DN as the search base DN
- LDAP serverId can be passed to the method as a parameter instead of being hard-coded in. This accounts for cases where the default "personLdap" serverId in grouper-loader.properties was changed.
- added code to address members that have objectclass=person but are not "people", e.g. computer objects in AD inheriting from the person objectclass
- added LDAP query to verify group members that are group objects (nested groups).
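
The following is an added example, not code from Grouper or from the pull request: a sketch of two of the checks listed above, the case-insensitive base DN test and the separation of real people from computer and group entries that also carry objectclass=person. The class and method names are hypothetical, the DNs are constructed sample values, and the objectClass names used for classification assume a typical AD schema.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class MemberDnChecks {

    // Hypothetical result type for this example.
    enum Kind { PERSON, COMPUTER, GROUP, OTHER }

    /** True when dn is at or below baseDn, compared RDN by RDN and ignoring case. */
    static boolean isUnderBase(String dn, String baseDn) {
        try {
            // LdapName numbers RDNs from the right, so startsWith() tests the DN suffix.
            // Whole RDNs are compared, so "ou=NotPeople" never matches "ou=People".
            return new LdapName(dn).startsWith(new LdapName(baseDn));
        } catch (InvalidNameException e) {
            return false; // a malformed DN is never treated as in scope
        }
    }

    /** Classifies an entry by its objectClass values; computer and group win over person. */
    static Kind classify(List<String> objectClasses) {
        Set<String> oc = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        oc.addAll(objectClasses);
        // Assumption: AD computer objects list person and user as well as computer.
        if (oc.contains("computer")) return Kind.COMPUTER;
        // Assumption: nested groups appear as "group" (AD) or "groupOfNames" (generic LDAP).
        if (oc.contains("group") || oc.contains("groupOfNames")) return Kind.GROUP;
        if (oc.contains("person")) return Kind.PERSON;
        return Kind.OTHER;
    }

    public static void main(String[] args) {
        String base = "OU=People,DC=example,DC=edu"; // constructed sample base DN
        System.out.println(isUnderBase("cn=jdoe,ou=people,dc=example,dc=edu", base));
        System.out.println(isUnderBase("CN=jdoe, OU=People, DC=Example, DC=EDU", base));
        System.out.println(isUnderBase("cn=jdoe,ou=NotPeople,dc=example,dc=edu", base));
        System.out.println(isUnderBase("cn=jdoe,ou=people", base));
        System.out.println(classify(List.of("top", "person", "organizationalPerson", "user")));
        System.out.println(classify(
                List.of("top", "person", "organizationalPerson", "user", "computer")));
        System.out.println(classify(List.of("top", "group")));
    }
}
```

Comparing parsed RDNs rather than lowercased strings keeps the scope check tied to component boundaries, so a DN is accepted only when every component of the base matches in full.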