Group # / member #1: No matching user name found for group attribute " member" #25

Closed
nnnlyy opened this issue Mar 24, 2021 · 9 comments

nnnlyy commented Mar 24, 2021

Hi,
I have some problems.

Problem 1: When I run

`php bin/console ldap:sync -vvv`

the console shows:

`Group # / member #1: No matching user name found for group attribute " member"`

The number of groups is correct, and the number of users in each group is also right, but I cannot see any user's information, like name or number.

Problem 2: When I run

`php bin/console ldap:sync -vvv`

at the end it shows:

`[ error] Gitlab failure: 403 Forbidden`

But it has already connected to Gitlab and can get Gitlab users.

@Adambean added the "need info" (Extra information is required) label on Mar 24, 2021
@Adambean
Owner

> No matching user name found for group attribute " member"

Looks like you've got an extra space before the attribute name there. Check your "config.yml" to ensure this isn't the case.

@nnnlyy
Author

nnnlyy commented Mar 24, 2021

> > No matching user name found for group attribute " member"
>
> Looks like you've got an extra space before the attribute name there. Check your "config.yml" to ensure this isn't the case.

I am sure that there is no extra space before "member". Here is part of my config:

```yaml
queries:
    baseDn:                         "dc=hihonor,dc=com"

    userDn:                         ""
    userFilter:                     "(&(objectClass=person)(objectClass=user)(!(objectClass=computer)))"
    userUniqueAttribute:            "CN"
    userMatchAttribute:             "distinguishName"
    userNameAttribute:              "CN"
    userEmailAttribute:             "mail"

    groupDn:                        ""
    groupFilter:                    "(objectClass=group)"
    groupUniqueAttribute:           "cn"
    groupMemberAttribute:           "member"
```

I think this config has some problem, but it can get the right size for groups and users in groups.

@Adambean
Owner

Are you using Active Directory?

I think you'll need your "userUniqueAttribute" setting to be the default "uid", not "cn". For example on my Active Directory the contents of my object's "uid" field is what I type as my username to login. The other possibility would be "sAMAccountName". This would also mean that your "groupMemberAttribute" setting would likely need to be "memberUid" instead of "member".

I say "think" because I've never used this tool against Active Directory, I primarily use it with 389-DS.

@nnnlyy
Author

nnnlyy commented Mar 25, 2021

Yep, I use AD, but when I use "memberUid" no users come out. " member" can get the right size of users. And could you show me a picture of the correct running status? I want to have an example of the tool.

@nnnlyy
Author

nnnlyy commented Mar 25, 2021

And about

`[ error] Gitlab failure: 403 Forbidden`

do you have any idea about this error? I used the Gitlab page to generate my personal token.

@nnnlyy
Author

nnnlyy commented Mar 25, 2021

Hi Adam,
I think I solved this issue. It was because our LDAP has no email attribute in the array, so I deleted the code about email and ran it.
By the way, thanks for your reply.

@Adambean
Owner

> I think I solved this issue. It was because our LDAP has no email attribute in the array, so I deleted the code about email and ran it.

That was very unexpected. Do you not record an email address with your users at all?

If that's the case I can modify the tool to ignore such users, because Gitlab wouldn't accept them anyway.

@nnnlyy
Author

nnnlyy commented Mar 27, 2021

> > I think I solved this issue. It was because our LDAP has no email attribute in the array, so I deleted the code about email and ran it.
>
> That was very unexpected. Do you not record an email address with your users at all?
>
> If that's the case I can modify the tool to ignore such users, because Gitlab wouldn't accept them anyway.

Yep, you are right, Gitlab must have an email, so I ask the LDAP department for this attribute. Anyway, thanks a lot.
And I want to know whether the LDAP user array only gets 1001 members? In fact, we have 10000+ users.

@Adambean
Owner

I've not intentionally put in a limit of ~1000 users, though Gitlab may impose this without enterprise licensing. If you've hit a specific error in that regard and think it's in this tool I'd request you file this as a separate issue.
