
Limit importing LDAP users to a certain posixgroup

Jean-Paul van Oosten February 18, 2014

Hi,

We are trying out Stash, and we'd love to use our openLDAP (posix schema) for managing accounts. Connecting to LDAP and importing / syncing accounts works, but now we want to limit the imported users to those that are members of a certain posixgroup.

We have tried changing the "Group Object Filter" to limit importing to one group. This imports only the selected group, but unfortunately, still imports all the users from LDAP.

The current hypothesis is that we need to do something with the "User Object Filter". However, since there is no "memberOf" property, we need to select users on the basis of the group's "memberUID" property. As far as we know, that is currently not possible.

The LDAP schema is "rfc2307" (storing member names in the memberuid attribute); we specifically do not use "rfc2307bis".

Is there a way that we can limit the users Stash imports to a specific group?

Kind regards,

Jean-Paul van Oosten

2 answers

0 votes
Jean-Paul van Oosten February 23, 2014

Hi Charles,

Thank you for your answer. Indeed we found that only users with the "stash user" permission count towards the license limit. We wanted to limit the set of imported users for a better overview.

Thanks for the suggestion of adding the crowd-tag.

Regards,

Jean-Paul

0 votes
cofarrell
February 21, 2014

Hi Jean-Paul,

My LDAP is a little rusty, but I think you're probably correct that you would really need the memberOf on your users to do the filter you want.

That said, I have to wonder if you're asking because you want to reduce the number of users counted towards your license? If that is your reason then my, slightly odd, suggestion is to just remove the stash-users group from the global permissions, and only assign permissions to the group you care about. Stash only calculates licenses for groups/users that at least have one permission.

If you want to remove the users completely from Stash, either for performance or for visibility reasons then I'm afraid I don't know the answer. I might then suggest adding the 'crowd' tag to this question as we just defer to the embedded crowd library, and Stash has very little to do with the actual LDAP integration.

I hope that helps in some way.

Charles
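
The membership problem discussed in this thread, as an added example that is not part of the original posts and is not Stash or Crowd code: with rfc2307 the membership lives on the group entry (`memberUid`), so a per-user filter can only reach it by enumerating the member names. The script reads a group's `memberUid` values from LDIF and builds a static user filter with RFC 4515 escaping. The group DN, the sample members, and the `posixAccount` / `uid` naming are assumptions.

```python
import base64
import re

# Constructed LDIF for an rfc2307 posixGroup (sample data, not from the thread).
SAMPLE_GROUP_LDIF = """\
dn: cn=stash-devs,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: stash-devs
gidNumber: 5001
memberUid: alice
memberUid: bob
memberUid: c(arol)*
memberUid:: YWxpY2U=
"""

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_uids(ldif):
    """Return the unique memberUid values of one LDIF entry, in order."""
    uids = []
    for line in ldif.splitlines():
        m = re.match(r"(?i)memberUid:(:?)\s*(\S.*?)\s*$", line)
        if not m:
            continue
        uid = m.group(2)
        if m.group(1):  # "::" marks a base64-encoded value in LDIF
            uid = base64.b64decode(uid).decode("utf-8")
        if uid not in uids:
            uids.append(uid)
    return uids


def user_filter_for(uids, object_class="posixAccount", attr="uid"):
    """Build a user filter that matches only the listed account names."""
    if not uids:
        # An empty OR is invalid; match nothing rather than every user.
        return "(!(objectClass=*))"
    terms = "".join(f"({attr}={escape_filter_value(u)})" for u in uids)
    return f"(&(objectClass={object_class})(|{terms}))"


if __name__ == "__main__":
    print(user_filter_for(member_uids(SAMPLE_GROUP_LDIF)))
```

The resulting filter is a snapshot of the group at generation time, so it has to be regenerated whenever the group's membership changes.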
