Switch LDAP plugin from Adldap2 to LdapRecord #2206
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This PR lays the groundwork for #1983. That work is expected to follow in the coming weeks. |
zackgalbreath
approved these changes
May 22, 2024
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 17, 2024
While the current LDAP testing setup introduced in #2206 is an improvement over the previous mocking approach, it still lacks the robustness needed to test more complex features. This PR improves the tests by programmatically creating multiple users and groups, instead of just using a few hardcoded users in a single group.
github-merge-queue bot
pushed a commit
that referenced
this pull request
Aug 23, 2024
In response to user feedback about the new LDAP-based project membership feature added in #2282, this PR changes the project LDAP field to accept a filter instead of a group name for consistency with our existing `LDAP_FILTERS_ON` environment variable. This PR also addresses an issue with `LDAP_FILTERS_ON` related to the switch from Adldap2 in #2206 and reverts the environment variable rename from `LDAP_HOSTS` to `LDAP_HOST` to maintain backwards compatibility with existing systems.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our current LDAP provider, Adldap2, is no longer maintained, and has been superseded by LdapRecord, which is maintained by the same author and contains similar functionality to Adldap2. This PR makes the changes required to move our existing LDAP features from Adldap2 to LdapRecord.
A major change in this upgrade is the way LDAP is configured. I have made an attempt to keep the user-facing environment variable API the same, but there may be slight differences on some systems. CDash administrators should take care when applying this upgrade on systems with LDAP integration.
Setting up a local environment with LDAP has historically been a major pain point for developers. A significant amount of work remains to be done, but this PR lays the groundwork by including a basic LDAP container in the development environment, against which tests are run. Running tests against an actual live LDAP server provides a more complete end-to-end test of our LDAP integration than the previous mock-based approach. OpenLDAP is used in our test environment, and is the primary target for our LDAP integration. ActiveDirectory support is provided on a best-effort basis only.