[GH-ISSUE #468] When query user memberof attribute maybe wrong group dn is returned #177

Closed
opened 2026-02-27 08:15:41 +03:00 by kerem · 6 comments

Originally created by @zozzz on GitHub (Mar 3, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/468

In this [line](https://github.com/nitnelave/lldap/blob/2593606f1638c2708a9c7db08b0190391ad125c2/server/src/domain/ldap/user.rs#L49) the group common name is returned as uid, but the documentation says the group name is `cn=family,ou=groups,dc=example,dc=com`. The memberOf queries are working like this naming convention.

@nitnelave commented on GitHub (Mar 4, 2023):

Both are valid. Technically, uid is probably more future proof, but it doesn't really matter.


@zozzz commented on GitHub (Mar 4, 2023):

Can you rename it to cn? I want to use with OPNSense, and excepting cn instead of uid. I think this is more standard in group names. Maybe this change breaks other apps.


@martadinata666 commented on GitHub (Mar 4, 2023):

you can override `User naming attribute` to `uid`, if that is what you mean by accepting `cn`


@nitnelave commented on GitHub (Mar 4, 2023):

That would more be a request for opnsense, to add support for uid. It's
perfectly standard.

On Sat, 4 Mar 2023, 10:22 Vetési Zoltán, @.***> wrote:

> Can you rename it to cn? I want to use with OPNSense, and excepting cn
> instead of uid. I think this is more standard in group names. Maybe this
> change breaks other apps.



@zozzz commented on GitHub (Mar 7, 2023):

@martadinata666 The user name is not my problem.

@nitnelave Ok. I just think this is a bug, but just inconsistent _dn_ naming with `(objectClass=groupOfNames)`.

```yaml
# ldapsearch "(objectClass=groupOfNames)"

dn: cn=admin_group,ou=groups,dc=example,dc=com
objectclass: groupOfUniqueNames

dn: cn=lldap_admin,ou=groups,dc=example,dc=com
objectclass: groupOfUniqueNames
```

```yaml
# ldapsearch "(objectClass=person)" memberof

dn: uid=admin,ou=people,dc=example,dc=com
memberof: uid=lldap_admin,ou=groups,dc=example,dc=com

# dn is changed from cn=admin_group,ou=groups,dc=example,dc=com
memberof: uid=admin_group,ou=groups,dc=example,dc=com
```

But maybe it is a good idea to use the same _dn_ everywhere.
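The mismatch in the comment above matters to any client that maps `memberOf` values to group entries by exact DN, since group-based access rules then silently stop matching. As an added example (not part of the original thread and not lldap's code), this Python check classifies each `memberOf` value against the group entry DNs; the function names are hypothetical, the sample entries are constructed from the output quoted above, and values are assumed to compare case-insensitively.

```python
# Added example. Entries below are constructed from the ldapsearch output
# quoted in the comment above; function names are hypothetical.
GROUP_DNS = [
    "cn=admin_group,ou=groups,dc=example,dc=com",
    "cn=lldap_admin,ou=groups,dc=example,dc=com",
]
USER_MEMBEROF = {"uid=admin,ou=people,dc=example,dc=com": [
    "uid=lldap_admin,ou=groups,dc=example,dc=com",
    "uid=admin_group,ou=groups,dc=example,dc=com",
]}

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.
    Simplified: honours backslash-escaped commas, ignores multi-valued RDNs."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(current)
    split = (rdn.strip().partition("=") for rdn in rdns)
    return tuple((a.strip().lower(), v.strip().lower()) for a, _, v in split)

def loose_key(pairs):
    """Drop the attribute type of the leading RDN, keep everything else."""
    return (pairs[0][1],) + pairs[1:]

def audit_memberof(group_dns, user_memberof):
    """Map (user, memberOf value) -> (status, DN of the group entry it resolves to)."""
    exact = {parse_dn(dn): dn for dn in group_dns}
    loose = {loose_key(parse_dn(dn)): dn for dn in group_dns}
    report = {}
    for user, values in user_memberof.items():
        for value in values:
            pairs = parse_dn(value)
            if pairs in exact:
                report[(user, value)] = ("match", exact[pairs])
            elif loose_key(pairs) in loose:
                report[(user, value)] = ("rdn-attribute-mismatch", loose[loose_key(pairs)])
            else:
                report[(user, value)] = ("unknown-group", None)
    return report

if __name__ == "__main__":
    for (user, value), (status, entry) in audit_memberof(GROUP_DNS, USER_MEMBEROF).items():
        print(f"{status:24} {value} -> {entry}")
```

Both sample `memberOf` values come back as `rdn-attribute-mismatch`: they name real groups, but a client comparing DN strings verbatim would treat the user as a member of neither.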


@nitnelave commented on GitHub (Mar 7, 2023):

Alright, phrased like that it's totally fair :)
