Hello, I now have the following situation:
LDAP authentication is configured to use one LDAP server (let it be example1.dom).
It is a Windows Active Directory and has a trusted relationship with other domains like example2.dom and example3.dom. Everything works fine - GitLab authenticates users from all domains.
But now I want to use LDAP group sync and I need to search for groups in all domains. And, I guess, I need to specify group_base for each of them.
The question is: can I use multiple 'group_base' parameters like:
group_base: 'ou=groups1,dc=example1,dc=dom'
group_base: 'ou=groups1,dc=example2,dc=dom'
group_base: 'ou=groups1,dc=example3,dc=dom'
Or can they be written as 'comma separated'?
Is it possible at all, or should I configure separate LDAP domains with a separate 'group_base' parameter for each of them?
We validate LDAP filter syntax via the net-ldap gem. As it declares conformity with RFC 4515, anything that it accepts should be accepted by GitLab as well. Please check the RFC document for all syntax details. The or operator, for example, is |.
However, I haven’t tested this.
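
The RFC 4515 "or" syntax mentioned in the reply, as an added example that is not part of either post and is not GitLab or net-ldap code: plain Ruby that composes an OR filter and escapes assertion values as the RFC requires. The `memberOf` attribute, the `cn=devs` group name and the helper names are assumptions made for illustration.

```ruby
# Added example (not GitLab or net-ldap code): RFC 4515 filter composition.

# RFC 4515 section 3: these characters must appear in an assertion value
# as a backslash followed by their two-digit hex code.
ESCAPES = {
  "\\" => '\5c', "*" => '\2a', "(" => '\28', ")" => '\29', "\x00" => '\00'
}.freeze

def escape_value(value)
  value.gsub(/[\\*()\x00]/) { |ch| ESCAPES.fetch(ch) }
end

# (attr=value) with the value escaped; attribute names are restricted to
# the short-name form so they cannot carry filter syntax themselves.
def equals(attr, value)
  unless attr.match?(/\A[A-Za-z][A-Za-z0-9-]*\z/)
    raise ArgumentError, "invalid attribute name: #{attr.inspect}"
  end
  "(#{attr}=#{escape_value(value)})"
end

# The "or" operator: (|(f1)(f2)...). A single filter is returned as is.
def any_of(filters)
  raise ArgumentError, "at least one filter is required" if filters.empty?
  filters.size == 1 ? filters.first : "(|#{filters.join})"
end

# Hypothetical helper: match entries that are members of any listed group DN.
def member_of_any(group_dns)
  any_of(group_dns.map { |dn| equals("memberOf", dn) })
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a cn=devs group under each base from the question.
  dns = %w[example1 example2 example3].map do |d|
    "cn=devs,ou=groups1,dc=#{d},dc=dom"
  end
  puts member_of_any(dns)
  # Constructed hostile value: filter metacharacters stay inside the value.
  puts equals("cn", "devs)(cn=*")
end
```

This only builds filter strings; it says nothing about whether `group_base` itself accepts more than one value.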