Scott Dial 50457503f2 Expand capabilities of ldap.groupMemberPattern
Previously, the pattern supported a limited set of variables that were
either accidentally available (due to their use in other queries) or
hard-coded (e.g., `username` is a special-case that was added).
Furthermore, the documentation made reference to being able to use
variables such as `${uidNumber}` even though they are not actually
supported (since `uidNumber` is normally never queried). Under the
default RFC 2307 configuration of LDAP, the only variables available
were `displayName`, `mail`, `uid`, and `username` (It's noteworthy
that `username` was added as a special-case due to the default
`groupMemberPattern` containing `${username}` even though `username`
is substituted by Gerrit and not LDAP).

This changeset removes the artificial restrictions on the attributes
used in the `groupMemberPattern`. Any variable is assumed to
originate from the account, but `username` is still overridden and
provided by Gerrit (as before). This allows more expressive patterns,
which allows us to fix an outstanding bug in group matching. Previously,
a user whose `gidNumber` matched the group's `gidNumber` would not have
been included in the group. This changeset updates the default
`groupMemberPattern` to account for this issue by adding the additional
case of `(gidNumber=${gidNumber}`.

Bug: Issue 2054
Change-Id: Iff3a14c569a10c1ef693b672f4710fb6f2f8d9a6
2013-08-11 16:52:51 -04:00
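
The substitution behaviour the commit message describes, as an added Python example (not Gerrit's code): every `${name}` in the pattern is filled from the account's attributes, and `username` is always overridden by the application-supplied value. The pattern, the account entry, the function names and the RFC 4515 escaping of substituted values are assumptions of this example.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_VAR = re.compile(r"\$\{([A-Za-z][A-Za-z0-9-]*)\}")


def escape_filter_value(value):
    """Escape an attribute value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


def pattern_variables(pattern):
    """Names referenced as ${name}; these are the attributes to query."""
    return sorted(set(_VAR.findall(pattern)))


def expand_pattern(pattern, account_attrs, username):
    """Fill ${name} from the account's attributes; username is overridden.

    Raises KeyError when the account lacks a referenced attribute, rather
    than emitting a filter with an empty or literal ${...} term.
    """
    values = dict(account_attrs)
    values["username"] = username  # supplied by the application, not LDAP

    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError("account has no attribute %r" % name)
        return escape_filter_value(values[name])

    return _VAR.sub(substitute, pattern)


# Constructed pattern and account entry (assumptions, not taken from Gerrit).
PATTERN = "(|(memberUid=${username})(gidNumber=${gidNumber}))"
ACCOUNT = {"uid": "jdoe", "gidNumber": "1000", "username": "from-ldap"}

if __name__ == "__main__":
    print(pattern_variables(PATTERN))
    print(expand_pattern(PATTERN, ACCOUNT, "jdoe"))
    # Filter metacharacters in a value are escaped, not interpreted.
    print(expand_pattern(PATTERN, ACCOUNT, "j*)(uid=*"))
```

`pattern_variables` shows why arbitrary variables require the listed attributes to be fetched with the account entry: an attribute that was never queried has no value to substitute.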
Description
RETIRED, Gerrit as used by OpenStack
120 MiB