It seems that most of our clouds use LDAP backends, which also use group_member_are_ids = false, but we do not specify a user_id_attribute.. This then falls back to the default of using the "CN" attribute.
It just so happens that Active directory entities are labeled with cn=$sAMAccountName,$user_tree_dn, and so the default code to assume user_id_attribute is the first field of the DN works in most production cases.
Suggest renaming title to "Specifying user_id_attribute that is not the distinguished name's primary key field in LDAP database fails when referencing group members if group_members_are_ids = false"
It seems that most of our clouds use LDAP backends, which also use group_member_ are_ids = false, but we do not specify a user_id_attribute.. This then falls back to the default of using the "CN" attribute.
It just so happens that Active directory entities are labeled with cn=$sAMAccountN ame,$user_ tree_dn, and so the default code to assume user_id_attribute is the first field of the DN works in most production cases.
Suggest renaming title to "Specifying user_id_attribute that is not the distinguished name's primary key field in LDAP database fails when referencing group members if group_members_ are_ids = false"