Active Directory primary groups

Issue #568 resolved
Karol Perkowski
created an issue

I'm using active directory groups to configure the permissions for each git repo. I noticed that the Domain Users group doesn't show up in the LDAP test. If you switch the default primary group to something like test-group. Then domain users shows up and test-group disappears. Not sure if the plugin has some kind of filter or is missing something.

Comments (3)

  1. Sebastian Sdorra repo owner

    The problem is that the "Domain Users" group is not stored in the member attribute (like each other group) it is stored in the primaryGroupID attribute. In this attribute is the last segment of the group sid stored and not the dn of the group (like each other group). So it is very difficult to extract this group from the ad. But if you need an group which matches each user who has access to SCM-Manager, you can use the virtual "_authenticated" group.

  2. Log in to comment