1
votes

I am using Gerrit with LDAP auth. My gerrit config is like:

server = ldap://192.168.1.100:389
username = cn=admin,dc=doman,dc=com,dc=cn
groupsVisibleToAll = true
accountBase = ou=Users,dc=domain,dc=com,dc=cn
accountScope = subtree
accountPattern = (&(objectClass=inetOrgPerson)(uid=${username}))
accountFullName = sn
accountEmailAddress = mail
accountSshUserName = uid
#accountMemberField = memberOf
#accountMemberExpandGroups = true
#fetchMemberOfEagerly = true
groupBase = ou=Groups,dc=domain,dc=com,dc=cn
groupScope = subtree
groupPattern = (&(objectClass=groupOfUniqueNames)(cn=${groupname}))
groupMemberPattern = (&(objectClass=groupOfUniqueNames)(uniqueMember=${dn}))
groupName = cn

LDAP tree is like:

+--> dc=domain,dc=com,dc=cn (3)
  ---> cn=admin
  +--> ou=Groups (2)
  | ---> cn=admin
  | ---> cn=dev
  +--> ou=Users (3)
  | ---> cn=gerrit
  | ---> cn=jenkins
  | ---> cn=test

I add memberOf relative to LDAP myself. The group object class is groupOfUniqueNames, the user object class is inetOrgPerson. groupOfUniqueNames contains an attribute uniqueMember which contains the DN of group users. inetOrgPerson contains an attribute memberOf, which is the DN of its group.

But I can't log in when I add accountMemberField. And the LDAP groups are not showing in Gerrit.

Doc: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap

1
Hey, did you ever find the answer to this? – Jesse
Just type ldap/dev to define ldap dev group in gerrit. – Index
Thanks, that works! – Jesse

1 Answer

1
votes

If you can log in to Gerrit with the LDAP account, just go to the Gerrit project access page and add an LDAP group using ldap/*, where * is the LDAP group name.
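
When debugging a configuration like the one in the question, it helps to write out the exact search filters that the patterns produce and to check that every DN sits under the same suffix. The following is an added example, not part of the original posts and not Gerrit's own code. The helper names are hypothetical, the sample user DN is constructed from the posted tree, and the RFC 4515 escaping of substituted values is this example's assumption about safe substitution.

```python
# Settings copied from the question's config as posted (subset used here).
POSTED = """\
username = cn=admin,dc=doman,dc=com,dc=cn
accountBase = ou=Users,dc=domain,dc=com,dc=cn
accountPattern = (&(objectClass=inetOrgPerson)(uid=${username}))
groupBase = ou=Groups,dc=domain,dc=com,dc=cn
groupMemberPattern = (&(objectClass=groupOfUniqueNames)(uniqueMember=${dn}))
"""

def parse(text):
    """Split 'key = value' lines on the first '=', skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def escape_filter(value):
    """RFC 4515 escaping, so a substituted value cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(pattern, **values):
    """Fill ${name} placeholders with escaped values."""
    for name, value in values.items():
        pattern = pattern.replace("${%s}" % name, escape_filter(value))
    return pattern

def suffix(dn):
    """dc= components of a DN, lower-cased (naive comma split; fine for these DNs)."""
    parts = [rdn.strip().lower() for rdn in dn.split(",")]
    return [p for p in parts if p.startswith("dc=")]

def check_suffixes(cfg):
    """Names of base DNs whose dc= suffix differs from the bind DN's suffix."""
    bind = suffix(cfg["username"])
    return [k for k in ("accountBase", "groupBase") if suffix(cfg[k]) != bind]

if __name__ == "__main__":
    cfg = parse(POSTED)
    user_dn = "cn=test,ou=Users,dc=domain,dc=com,dc=cn"  # constructed sample
    print(cfg["accountBase"], expand(cfg["accountPattern"], username="test"))
    print(cfg["groupBase"], expand(cfg["groupMemberPattern"], dn=user_dn))
    print("suffix differs from bind DN:", check_suffixes(cfg))
```

Each printed base and filter pair can be run by hand against the directory to see whether the account and its groups are actually returned. On the settings as posted, the suffix check reports both bases, because the bind DN reads `dc=doman` while the bases read `dc=domain`.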