LDAP group syncing with SAML authentication


Alexandru Cojocariu

Sep 5, 2023, 11:21:18 AM
to Repo and Gerrit Discussion
Hello,

I have a Gerrit instance that runs on a Docker container and I just switched from LDAP authentication to SSO using the SAML plugin.
I don't want to use LDAP anymore for authentication but I still want to bring LDAP groups inside my Gerrit instance. Is it possible to sync the LDAP groups while the authentication is done using the SAML plugin? (So the auth.type is not LDAP or HTTP_LDAP.)

Thank you,
Alex

Fabio Ponciroli

Sep 5, 2023, 12:40:58 PM
to Alexandru Cojocariu, Repo and Gerrit Discussion
Hi Alexandru,


I think HTTP_LDAP auth type [1] is what you are after.
If you look at the documentation:

"HTTP_LDAP: Exactly like HTTP (above), but additionally Gerrit pre-populates a user’s full name and email address based on information obtained from the user’s account object in LDAP. The user’s group membership is also pulled from LDAP, making any LDAP groups that a user is a member of available as groups in Gerrit. Hence the _LDAP suffix in the name of this authentication type. Gerrit does NOT authenticate the user via LDAP."

You can then install and configure the SAML plugin for authentication only.

Isn't that what you are after?

HTH,
Ponch
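
A configuration sketch of the setup suggested above, added here as an example and not taken from either poster's instance: `auth.type = HTTP_LDAP` with the SAML plugin's servlet filter supplying the identity headers and an `[ldap]` section used only for profile and group lookup. Host names, paths, DNs and the bracketed password values are placeholders; the header names and `filterClass` follow the SAML plugin's documented setup.

```ini
# etc/gerrit.config (constructed example; hosts, paths and DNs are placeholders)
[auth]
    # Identity arrives in HTTP headers; full name, email and group
    # membership are looked up in LDAP. No LDAP bind is done as the user.
    type = HTTP_LDAP
    # Headers populated by the SAML plugin's servlet filter.
    httpHeader = X-SAML-UserName
    httpDisplaynameHeader = X-SAML-DisplayName
    httpEmailHeader = X-SAML-EmailHeader
    httpExternalIdHeader = X-SAML-ExternalId
    logoutUrl = https://idp.example.com/logout
[httpd]
    # Routes unauthenticated requests through the SAML login flow.
    filterClass = com.googlesource.gerrit.plugins.saml.SamlWebFilter
[saml]
    metadataPath = https://idp.example.com/saml/metadata
    keystorePath = /var/gerrit/etc/samlKeystore.jks
    keystorePassword = <keystore-password>
    privateKeyPassword = <private-key-password>
[ldap]
    # Read-only service account used for account and group queries.
    server = ldaps://ldap.example.com
    username = cn=gerrit-ro,ou=services,dc=example,dc=com
    accountBase = ou=people,dc=example,dc=com
    groupBase = ou=groups,dc=example,dc=com
    # ldap.password goes in etc/secure.config, not in this file.
```

The user name the identity provider releases into `X-SAML-UserName` is the name Gerrit looks up in LDAP, so it has to match the LDAP account attribute for group membership to resolve.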

