Page MenuHomePhabricator

Add support for LDAP group lookups based on gidNumber
Closed, ResolvedPublic



I am deploying Mediawiki into an environment with a very old LDAP configuration. It uses posixGroup and posixAccount structural classes and the users and groups are not related by any sort of mapping other than the gidNumber. The groups do not have a memberUid mapping either.

I looked at using the UserGroupsRequest::Configurable but because I don't have a one-to-many mapping of any sorts I couldn't see a way to get this working.

When I looked into writing a custom group provider and saw how simple it was I just went ahead and implemented a UserGroupsRequest::UserGidNumber class. I am about to create a Gerrit commit for this but I wanted a ticket to attach it to.


Related Gerrit Patches:
mediawiki/extensions/LDAPProvider : REL1_31Add UserGroupsRequest::UserGidNumber class
mediawiki/extensions/LDAPProvider : masterAdd UserGroupsRequest::UserGidNumber class

Event Timeline

M1cr0man created this task.Dec 20 2019, 8:52 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 20 2019, 8:52 PM

Change 559951 had a related patch set uploaded (by M1cr0man; owner: M1cr0man):
[mediawiki/extensions/LDAPProvider@master] Add UserGroupsRequest::UserGidNumber class

Just to mention I've also had this in production for 2 weeks now and it's working great :)

Osnard added a subscriber: Osnard.Tue, Jan 21, 7:22 AM

Thanks for your contribution! I will review it ASAP.

Change 566229 had a related patch set uploaded (by Robert Vogel; owner: M1cr0man):
[mediawiki/extensions/LDAPProvider@REL1_31] Add UserGroupsRequest::UserGidNumber class

Just merged your change. Again, thanks a lot!

Osnard closed this task as Resolved.Tue, Jan 21, 7:32 AM

Change 559951 merged by jenkins-bot:
[mediawiki/extensions/LDAPProvider@master] Add UserGroupsRequest::UserGidNumber class

Change 566229 merged by Robert Vogel:
[mediawiki/extensions/LDAPProvider@REL1_31] Add UserGroupsRequest::UserGidNumber class