pGina LDAP Plugin and Group synchronization


Hugo Monteiro

May 23, 2019, 5:32:00 AM
to pgina-devel
Hi everyone,

We've come to a dead end on the ability to sync groups from our OpenLDAP server.
As per the documentation, one is supposed to define a group DN pattern in order to retrieve the user's group information. The problem arises since a DN can be comprised of whatever attribute composition you wish and not necessarily be of the form cn=something,ou=someou,dc=domain,dc=com.
In our case we have defined our LDAP entries in the form of uniqueIdentifier=numbercode,ou=users/groups,dc=domain,dc=com. Entries still all have a CN attribute but it's not used to compose the DN.
I realize that it's not a very usual approach but there is no impediment to proceeding this way, and we are able to change user logins and group names without having to delete and add new entries. They are only renames after all.
In our view, instead of providing a search pattern, one should be able to just provide the attribute that holds the group's name (%g), which would be CN in this case, and the membership attribute within the group (member or even memberUid, depending on the implementation). As a complement, there could exist support for the memberships attribute within the user entry, usually provided by the memberOf attribute. This would save some searches, if the LDAP directory provided such information.

Would any changes to the product in this direction be reasonable in the near future?

Kind regards,

Hugo Monteiro.
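
The attribute-based lookup proposed in the message above, as an added example that is not part of the original post and is not pGina code. The directory contents and all function names are constructed for illustration; the search filter is built with RFC 4515 escaping so that a login name containing filter metacharacters cannot change the query.

```python
# Constructed sample directory: DNs are built from uniqueIdentifier,
# while the human-readable group name lives in the cn attribute.
ALICE = "uniqueIdentifier=1001,ou=users,dc=domain,dc=com"
BOB = "uniqueIdentifier=1002,ou=users,dc=domain,dc=com"
STAFF = "uniqueIdentifier=5001,ou=groups,dc=domain,dc=com"
LAB = "uniqueIdentifier=5002,ou=groups,dc=domain,dc=com"
DIRECTORY = {
    ALICE: {"cn": ["alice"], "uid": ["alice"], "memberOf": [STAFF]},
    BOB: {"cn": ["bob"], "uid": ["bob"]},             # no memberOf here
    STAFF: {"cn": ["staff"], "member": [ALICE]},      # membership by DN
    LAB: {"cn": ["lab (b)"], "memberUid": ["bob"]},   # membership by uid
}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def group_filter(user_dn, uid):
    """Filter a server would receive to find groups that list this user."""
    return "(|(member=%s)(memberUid=%s))" % (
        escape_filter_value(user_dn), escape_filter_value(uid))


def groups_for_user(directory, user_dn, name_attr="cn"):
    """Return group names read from name_attr, never parsed out of the DN.

    Uses memberOf on the user entry when present; otherwise scans group
    entries for member/memberUid (exact string match, a simplification).
    """
    user = directory[user_dn]
    group_dns = list(user.get("memberOf", []))
    if not group_dns:
        uid = user["uid"][0]
        group_dns = [dn for dn, entry in directory.items()
                     if user_dn in entry.get("member", [])
                     or uid in entry.get("memberUid", [])]
    return sorted(directory[dn][name_attr][0]
                  for dn in group_dns if dn in directory)


if __name__ == "__main__":
    print(groups_for_user(DIRECTORY, ALICE), groups_for_user(DIRECTORY, BOB))
    print(group_filter(BOB, "bob"))
```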
