Add latest changes from gitlab-org/gitlab@master

doc/user/admin_area/settings/visibility_and_access_controls.md

@@ -58,7 +58,7 @@ not selected.
 CAUTION: **Important:**
 Starting with [GitLab 10.7][ce-18021], HTTP(s) protocol will be allowed for
-git clone/fetch requests done by GitLab Runner from CI/CD Jobs, even if
+Git clone/fetch requests done by GitLab Runner from CI/CD Jobs, even if
 _Only SSH_ was selected.
 > **Note:** Please keep in mind that disabling an access protocol does not actually

doc/user/group/custom_project_templates.md

@@ -7,7 +7,7 @@ type: reference
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/6861) in [GitLab Premium](https://about.gitlab.com/pricing/) 11.6.
 When you create a new [project](../project/index.md), creating it based on custom project templates is
-a convenient bootstrap option.
+a convenient option.
 Users can configure a GitLab group that serves as template
 source under a group's **Settings > General > Custom project templates**.

doc/user/project/highlighting.md

-[Rouge]: https://rubygems.org/gems/rouge
-
 # Syntax Highlighting
-GitLab provides syntax highlighting on all files and snippets through the [Rouge][] rubygem. It will try to guess what language to use based on the file extension, which most of the time is sufficient.
+GitLab provides syntax highlighting on all files and snippets through the [Rouge](https://rubygems.org/gems/rouge) rubygem. It will try to guess what language to use based on the file extension, which most of the time is sufficient.
 If GitLab is guessing wrong, you can override its choice of language using the `gitlab-language` attribute in `.gitattributes`. For example, if you are working in a Prolog project and using the `.pl` file extension (which would normally be highlighted as Perl), you can add the following to your `.gitattributes` file:
@@ -12,7 +10,7 @@ If GitLab is guessing wrong, you can override its choice of language using the `
 When you check in and push that change, all `*.pl` files in your project will be highlighted as Prolog.
-The paths here are simply git's builtin [`.gitattributes` interface](https://git-scm.com/docs/gitattributes).  So, if you were to invent a file format called a `Nicefile` at the root of your project that used ruby syntax, all you need is:
+The paths here are simply Git's built-in [`.gitattributes` interface](https://git-scm.com/docs/gitattributes).  So, if you were to invent a file format called a `Nicefile` at the root of your project that used ruby syntax, all you need is:
 ``` conf
 /Nicefile gitlab-language=ruby

doc/user/project/index.md

@@ -129,7 +129,7 @@ Read through the documentation on [project settings](settings/index.md).
 - [Import a project](import/index.md) from:
   - [GitHub to GitLab](import/github.md)
-  - [BitBucket to GitLab](import/bitbucket.md)
+  - [Bitbucket to GitLab](import/bitbucket.md)
   - [Gitea to GitLab](import/gitea.md)
   - [FogBugz to GitLab](import/fogbugz.md)
 - [Export a project from GitLab](settings/import_export.md#exporting-a-project-and-its-data)

doc/user/project/merge_requests/index.md

@@ -311,7 +311,7 @@ as pushing changes:
 - Set the description of the merge request to a particular description.
 - Add or remove labels from the merge request.
-### Create a new merge request using git push options
+### Create a new merge request using Git push options
 To create a new merge request for a branch, use the
 `merge_request.create` push option:
@@ -320,7 +320,7 @@ To create a new merge request for a branch, use the
 git push -o merge_request.create
 ```
-### Set the target branch of a merge request using git push options
+### Set the target branch of a merge request using Git push options
 To update an existing merge request's target branch, use the
 `merge_request.target=<branch_name>` push option:
@@ -336,7 +336,7 @@ same time using a `-o` flag per push option:
 git push -o merge_request.create -o merge_request.target=branch_name
 ```
-### Set merge when pipeline succeeds using git push options
+### Set merge when pipeline succeeds using Git push options
 To set an existing merge request to
 [merge when its pipeline succeeds](merge_when_pipeline_succeeds.md), use
@@ -353,7 +353,7 @@ pipeline succeeds at the same time using a `-o` flag per push option:
 git push -o merge_request.create -o merge_request.merge_when_pipeline_succeeds
 ```
-### Set removing the source branch using git push options
+### Set removing the source branch using Git push options
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/64320) in GitLab 12.2.
@@ -368,7 +368,7 @@ git push -o merge_request.remove_source_branch
 You can also use this push option in addition to the
 `merge_request.create` push option.
-### Set merge request title using git push options
+### Set merge request title using Git push options
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/64320) in GitLab 12.2.
@@ -382,7 +382,7 @@ git push -o merge_request.title="The title I want"
 You can also use this push option in addition to the
 `merge_request.create` push option.
-### Set merge request description using git push options
+### Set merge request description using Git push options
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/64320) in GitLab 12.2.
@@ -396,7 +396,7 @@ git push -o merge_request.description="The description I want"
 You can also use this push option in addition to the
 `merge_request.create` push option.
-### Add or remove labels using git push options
+### Add or remove labels using Git push options
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/31831) in GitLab 12.3.
@@ -666,7 +666,7 @@ tricks to checkout a merge request locally.
 Please note that you can checkout a merge request locally even if the source
 project is a fork (even a private fork) of the target project.
-#### Checkout locally by adding a git alias
+#### Checkout locally by adding a Git alias
 Add the following alias to your `~/.gitconfig`:
@@ -736,9 +736,8 @@ And to check out a particular merge request:
 git checkout origin/merge-requests/1
 ```
-all the above can be done with [git-mr] script.
-[git-mr]: https://gitlab.com/glensc/git-mr
+All the above can be done with the [`git-mr`](https://gitlab.com/glensc/git-mr) script.
 [products]: https://about.gitlab.com/products/ "GitLab products page"
 [protected branches]: ../protected_branches.md
 [ci]: ../../../ci/README.md

doc/user/project/merge_requests/merge_request_dependencies.md

@@ -97,9 +97,9 @@ merge.
 ## Limitations
-- API support: [gitlab#12551](https://gitlab.com/gitlab-org/gitlab/issues/12551)
-- Dependencies are not preserved across project export/import: [gitlab#12549](https://gitlab.com/gitlab-org/gitlab/issues/12549)
-- Complex merge order dependencies are not supported: [gitlab#11393](https://gitlab.com/gitlab-org/gitlab/issues/11393)
+- API support: [issue #12551](https://gitlab.com/gitlab-org/gitlab/issues/12551)
+- Dependencies are not preserved across project export/import: [issue #12549](https://gitlab.com/gitlab-org/gitlab/issues/12549)
+- Complex merge order dependencies are not supported: [issue #11393](https://gitlab.com/gitlab-org/gitlab/issues/11393)
 The last item merits a little more explanation. Dependencies between merge
 requests can be described as a graph of relationships. The simplest possible

doc/user/project/protected_branches.md

@@ -41,7 +41,7 @@ that the `master` branch is protected by default.
 ## Using the Allowed to merge and Allowed to push settings
-> [Introduced][ce-5081] in GitLab 8.11.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/5081) in GitLab 8.11.
 Since GitLab 8.11, we added another layer of branch protection which provides
 more granular management of protected branches. The "Developers can push"
@@ -71,7 +71,7 @@ they are set to "Maintainers" by default.
 ## Restricting push and merge access to certain users **(STARTER)**
-> [Introduced][ce-5081] in [GitLab Starter][ee] 8.11.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/5081) in [GitLab Starter](https://about.gitlab.com/pricing/) 8.11.
 With GitLab Enterprise Edition you can restrict access to protected branches
 by choosing a role (Maintainers, Developers) as well as certain users. From the
@@ -86,7 +86,7 @@ Click **Protect** and the branch will appear in the "Protected branch" list.
 ## Wildcard protected branches
-> [Introduced][ce-4665] in GitLab 8.10.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/4665) in GitLab 8.10.
 You can specify a wildcard protected branch, which will protect all branches
 matching the wildcard. For example:
@@ -131,12 +131,12 @@ To create a new branch through the user interface:
 ## Deleting a protected branch
-> [Introduced][ce-21393] in GitLab 9.3.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/21393) in GitLab 9.3.
 From time to time, it may be required to delete or clean up branches that are
 protected.
-User with [Maintainer permissions][perm] and up can manually delete protected
+User with [Maintainer permissions](../permissions.md) and up can manually delete protected
 branches via GitLab's web interface:
 1. Visit **Repository > Branches**
@@ -166,23 +166,16 @@ for details about the pipelines security model.
 **9.2**
-- Allow deletion of protected branches via the web interface [gitlab-org/gitlab-foss#21393][ce-21393]
+- Allow deletion of protected branches via the web interface ([issue #21393](https://gitlab.com/gitlab-org/gitlab-foss/issues/21393)).
 **8.11**
-- Allow creating protected branches that can't be pushed to [gitlab-org/gitlab-foss!5081][ce-5081]
+- Allow creating protected branches that can't be pushed to ([merge request !5081](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/5081)).
 **8.10**
-- Allow developers to merge into a protected branch without having push access [gitlab-org/gitlab-foss!4892][ce-4892]
-- Allow specifying protected branches using wildcards [gitlab-org/gitlab-foss!4665][ce-4665]
-
-[ce-4665]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/4665 "Allow specifying protected branches using wildcards"
-[ce-4892]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/4892 "Allow developers to merge into a protected branch without having push access"
-[ce-5081]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/5081 "Allow creating protected branches that can't be pushed to"
-[ce-21393]: https://gitlab.com/gitlab-org/gitlab-foss/issues/21393
-[perm]: ../permissions.md
-[ee]: https://about.gitlab.com/pricing/
+- Allow developers without push access to merge into a protected branch ([merge request !4892](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/4892)).
+- Allow specifying protected branches using wildcards ([merge request !4665](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/4665)).
 <!-- ## Troubleshooting

doc/user/project/repository/reducing_the_repo_size_using_git.md

@@ -99,7 +99,7 @@ removed from the repository.
    ![Repository settings cleanup form](img/repository_cleanup.png)
    Upload the `object-id-map.old-new.txt` file and press **Start cleanup**.
-   This will remove any internal git references to the old commits, and run
+   This will remove any internal Git references to the old commits, and run
    `git gc` against the repository. You will receive an email once it has
    completed.

doc/user/reserved_names.md

@@ -4,7 +4,8 @@ Not all project & group names are allowed because they would conflict with
 existing routes used by GitLab.
 For a list of words that are not allowed to be used as group or project names, see the
-[`path_regex.rb` file][reserved] under the `TOP_LEVEL_ROUTES`, `PROJECT_WILDCARD_ROUTES` and `GROUP_ROUTES` lists:
+[`path_regex.rb` file](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/path_regex.rb)
+under the `TOP_LEVEL_ROUTES`, `PROJECT_WILDCARD_ROUTES` and `GROUP_ROUTES` lists:
 - `TOP_LEVEL_ROUTES`: are names that are reserved as usernames or top level groups
 - `PROJECT_WILDCARD_ROUTES`: are names that are reserved for child groups or projects.
@@ -40,52 +41,50 @@ It is currently not possible to create a project with the following names:
 Currently the following names are reserved as top level groups:
-- \-
-- .well-known
-- 404.html
-- 422.html
-- 500.html
-- 502.html
-- 503.html
-- abuse_reports
-- admin
-- api
-- apple-touch-icon-precomposed.png
-- apple-touch-icon.png
-- assets
-- autocomplete
-- ci
-- dashboard
-- deploy.html
-- explore
-- favicon.ico
-- favicon.png
-- files
-- groups
-- health_check
-- help
-- import
-- invites
-- jwt
-- login
-- notification_settings
-- oauth
-- profile
-- projects
-- public
-- robots.txt
-- s
-- search
-- sent_notifications
-- slash-command-logo.png
-- snippets
-- unsubscribes
-- uploads
-- users
-- v2
+- `\-`
+- `.well-known`
+- `404.html`
+- `422.html`
+- `500.html`
+- `502.html`
+- `503.html`
+- `abuse_reports`
+- `admin`
+- `api`
+- `apple-touch-icon-precomposed.png`
+- `apple-touch-icon.png`
+- `assets`
+- `autocomplete`
+- `ci`
+- `dashboard`
+- `deploy.html`
+- `explore`
+- `favicon.ico`
+- `favicon.png`
+- `files`
+- `groups`
+- `health_check`
+- `help`
+- `import`
+- `invites`
+- `jwt`
+- `login`
+- `notification_settings`
+- `oauth`
+- `profile`
+- `projects`
+- `public`
+- `robots.txt`
+- `s`
+- `search`
+- `sent_notifications`
+- `slash-command-logo.png`
+- `snippets`
+- `unsubscribes`
+- `uploads`
+- `users`
+- `v2`
 These group names are unavailable as subgroup names:
-- \-
-
-[reserved]:  https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/path_regex.rb
+- `\-`

lib/api/entities.rb

@@ -965,13 +965,7 @@ module API
       end
       expose :target_url do |todo, options|
-        target_type   = todo.target_type.underscore
-        target_url    = "#{todo.parent.class.to_s.underscore}_#{target_type}_url"
-        target_anchor = "note_#{todo.note_id}" if todo.note_id?
-
-        Gitlab::Routing
-          .url_helpers
-          .public_send(target_url, todo.parent, todo.target, anchor: target_anchor) # rubocop:disable GitlabSecurity/PublicSend
+        todo_target_url(todo)
       end
       expose :body
@@ -983,6 +977,19 @@ module API
         # see also https://gitlab.com/gitlab-org/gitlab-foss/issues/59719
         ::API::Entities.const_get(target_type, false)
       end
+
+      def todo_target_url(todo)
+        target_type = todo.target_type.underscore
+        target_url = "#{todo.parent.class.to_s.underscore}_#{target_type}_url"
+
+        Gitlab::Routing
+          .url_helpers
+          .public_send(target_url, todo.parent, todo.target, anchor: todo_target_anchor(todo)) # rubocop:disable GitlabSecurity/PublicSend
+      end
+
+      def todo_target_anchor(todo)
+        "note_#{todo.note_id}" if todo.note_id?
+      end
     end
     class NamespaceBasic < Grape::Entity

lib/api/internal/pages.rb

@@ -17,11 +17,18 @@ module API
       namespace 'internal' do
         namespace 'pages' do
+          desc 'Get GitLab Pages domain configuration by hostname' do
+            detail 'This feature was introduced in GitLab 12.3.'
+          end
+          params do
+            requires :host, type: String, desc: 'The host to query for'
+          end
           get "/" do
-            host = PagesDomain.find_by_domain(params[:host])
+            host = Namespace.find_by_pages_host(params[:host]) || PagesDomain.find_by_domain(params[:host])
             not_found! unless host
             virtual_domain = host.pages_virtual_domain
+            no_content! unless virtual_domain
             present virtual_domain, with: Entities::Internal::Pages::VirtualDomain
           end

lib/gitlab/url_builder.rb

@@ -81,3 +81,5 @@ module Gitlab
     end
   end
 end
+
+::Gitlab::UrlBuilder.prepend_if_ee('EE::Gitlab::UrlBuilder')

locale/gitlab.pot

@@ -4752,6 +4752,9 @@ msgstr ""
 msgid "Days"
 msgstr ""
+msgid "Days to merge"
+msgstr ""
+
 msgid "Debug"
 msgstr ""
@@ -8096,9 +8099,6 @@ msgstr ""
 msgid "Hook was successfully updated."
 msgstr ""
-msgid "Hours"
-msgstr ""
-
 msgid "Housekeeping"
 msgstr ""
@@ -11599,15 +11599,42 @@ msgstr ""
 msgid "Productivity analytics can help identify the problems that are delaying your team"
 msgstr ""
+msgid "ProductivityAanalytics|Merge requests"
+msgstr ""
+
 msgid "ProductivityAnalytics|Ascending"
 msgstr ""
+msgid "ProductivityAnalytics|Days"
+msgstr ""
+
 msgid "ProductivityAnalytics|Days to merge"
 msgstr ""
 msgid "ProductivityAnalytics|Descending"
 msgstr ""
+msgid "ProductivityAnalytics|Hours"
+msgstr ""
+
+msgid "ProductivityAnalytics|List"
+msgstr ""
+
+msgid "ProductivityAnalytics|Merge Requests"
+msgstr ""
+
+msgid "ProductivityAnalytics|Merge date"
+msgstr ""
+
+msgid "ProductivityAnalytics|Merge requests"
+msgstr ""
+
+msgid "ProductivityAnalytics|Time to merge"
+msgstr ""
+
+msgid "ProductivityAnalytics|Trendline"
+msgstr ""
+
 msgid "Profile"
 msgstr ""

qa/qa.rb

@@ -114,6 +114,7 @@ module QA
       module Integration
         autoload :Github, 'qa/scenario/test/integration/github'
         autoload :LDAPNoTLS, 'qa/scenario/test/integration/ldap_no_tls'
+        autoload :LDAPNoServer, 'qa/scenario/test/integration/ldap_no_server'
         autoload :LDAPTLS, 'qa/scenario/test/integration/ldap_tls'
         autoload :InstanceSAML, 'qa/scenario/test/integration/instance_saml'
         autoload :OAuth, 'qa/scenario/test/integration/oauth'
@@ -394,6 +395,7 @@ module QA
     autoload :KubernetesCluster, 'qa/service/kubernetes_cluster'
     autoload :Omnibus, 'qa/service/omnibus'
     autoload :Runner, 'qa/service/runner'
+    autoload :LDAP, 'qa/service/ldap'
     module ClusterProvider
       autoload :Base, 'qa/service/cluster_provider/base'

qa/qa/fixtures/ldap/admin/1_add_nodes.ldif

+dn: ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: Global Groups
+
+dn: ou=People,ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: People

qa/qa/fixtures/ldap/admin/2_add_users.ldif

+
+# 1. hruser1
+
+dn: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: HR User 1
+givenName: HR
+sn: User1
+uid: hruser1
+uidNumber: 5000
+gidNumber: 10000
+homeDirectory: /home/hruser1
+mail: hruser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+# 2. adminuser1
+
+dn: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 1
+givenName: Admin
+sn: User1
+uid: adminuser1
+uidNumber: 5009
+gidNumber: 10009
+homeDirectory: /home/adminuser1
+mail: adminuser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+# 2. adminuser2
+
+dn: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 2
+givenName: Admin
+sn: User1
+uid: adminuser2
+uidNumber: 5010
+gidNumber: 10010
+homeDirectory: /home/adminuser2
+mail: adminuser2@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI

qa/qa/fixtures/ldap/admin/3_add_groups.ldif

+# 1. Human Resources
+
+dn: cn=Human Resources,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: Human Resources
+description: Human Resources
+member: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+
+# 2. Admin
+
+dn: cn=AdminGroup,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: AdminGroup
+description: Human Resources
+member: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+member: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org

qa/qa/fixtures/ldap/non_admin/1_add_nodes.ldif

+dn: ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: Global Groups
+
+dn: ou=People,ou=Global Groups,dc=example,dc=org
+objectClass: organizationalUnit
+ou: People

qa/qa/fixtures/ldap/non_admin/2_add_users.ldif

+
+# 1. Human Resources
+
+dn: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: HR User 1
+givenName: HR
+sn: User1
+uid: hruser1
+uidNumber: 5000
+gidNumber: 10000
+homeDirectory: /home/hruser1
+mail: hruser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+# 2. Admin
+
+dn: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 1
+givenName: Admin
+sn: User1
+uid: adminuser1
+uidNumber: 5009
+gidNumber: 10009
+homeDirectory: /home/adminuser1
+mail: adminuser1@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI
+
+dn: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org
+cn: Admin User 2
+givenName: Admin
+sn: User1
+uid: adminuser2
+uidNumber: 5010
+gidNumber: 10010
+homeDirectory: /home/adminuser2
+mail: adminuser2@example.org
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+# hashed value for 'password'
+userPassword: {SSHA}ICMhr6Jxt5bk2awD7HL7GxRTM3BZ1pFI

qa/qa/fixtures/ldap/non_admin/3_add_groups.ldif

+# 1. Human Resources
+
+dn: cn=Human Resources,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: Human Resources
+description: Human Resources
+member: uid=hruser1,ou=People,ou=Global Groups,dc=example,dc=org
+member: uid=adminuser1,ou=People,ou=Global Groups,dc=example,dc=org
+
+# 2. Admin
+
+dn: cn=AdminGroup,ou=Global Groups,dc=example,dc=org
+objectClass: groupofnames
+cn: AdminGroup
+description: Human Resources
+member: uid=adminuser2,ou=People,ou=Global Groups,dc=example,dc=org