Does Quay support Nested LDAP Groups for teams synchronization?

Solution Verified - Updated 13 Jun 2024

Environment

Red Hat Quay
- 3.8+

Issue

When there are 2 DNs, one begins with cn=group-1 and other is cn=group-2. And group-2 is already part of the group-1, team synchronization fails.
Does Quay support nested group sync?
While binding team membership to specific LDAP group in Quay, what setting we need to apply to enable nested LDAP sync in "Additional User Filters" ?

Resolution

Quay does not support nested LDAP group sync but a new feature request has been raised: This content is not included.PROJQUAY-615 - Allow nested LDAP groups in directory team sync. This feature will be soon seen in upcoming Quay releases.
However, the workaround that can be used is - manually maintain Quay team membership (without using ‘directory synchronization’ feature), and do regularly syncs. Quay team with LDAP group members using cronjobs.

SBR

Shift Container Registry

Product(s)

Red Hat Quay

Components

quay

Category

Learn more

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.