Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Use Markdown for this comment
Set severity, which reflects how much the issue affects the use of the product
Change issue status back to 'Assigned'
Pending code changes (auto-populated)
Googlesource release version that first features the resolution of this issue. [ID: 1154560]
The TargetMilestone field is used to define when the engineer the bug is assigned to expects to fix it. [ID: 1154531]
Select items in the list
The version field defines the version of the software the bug was found in. [ID: 1154637]
Set the version(s) of the product affected by this issue (comma-separated list)
Set the version(s) of the product in which the issue should be fixed (comma-separated list)
Set the version(s) of the product in which the issue fix was verified (comma-separated list)
Set if this issue occurs in production
Set Reporter
Set Type
Set priority, which reflects how soon the issue should be fixed
Set Status
Set Assignee
Set Verifier
Remove item
View or edit staffing
View issue level access limits(Press Alt + Right arrow for more information)
Description
#1Affected Version: 2.16.x onwards (only PolyGerrit)
What steps will reproduce the problem?
1. Configure Gerrit for ldap authentication and confirm that users authenticate properly.
2. Navigate to Access tab for a Gerrit Project and click Edit
3. add a permission for an ldap group with dot (".") character in the name
! ldap name will autocomplete successfully
! autocompletion can be selected and text input will populate successfully
! permission will appear will appear in UI to be added successfully
What is the expected output?
"Save": Access changes will be saved
"Save for Review": New review will be started the change just made
What do you see instead?
Message pops up "No changes to save" and nothing further happens. There is no way to save this change or save for review either.
If you switch to GWT UI instead, you can add and save the permission successfully.
Please provide any additional information below.
* Users continue to authenticate via ldap just fine.
* Users can be added and removed to permissions just fine
* DLs can be added to gerrit groups and gerrit groups can be added to permissions just fine.
* legacy repos with these kinds of ldap groups already in the Access rules continue to work normally.
* We see occasional LDAP warnings e.g.
WARN com.google.gerrit.server.auth.ldap.LdapGroupBackend : Cannot query LDAP for groups matching requested name [CONTEXT PLUGIN="gerrit" ]
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'DC=amd,DC=com'
however, these warnings are avoidable and do not contribute to the issue from what we can tell.
* We see no other errors in the log that would indicate how to proceed.
* We have tried different variations of accountBase, groupBase, accountPattern, groupPattern, but only one accountBase allowed ldap authentication to continue working without error (and only with default patterns), so we are sticking with that.
* As stated above, our existing repos (imported from Gerrit 2.15.6) make extensive use of these ldap groups and they continue to function correctly. We are just unable to write new permissions using them in Gerrit 3.