diff --git a/src/userdirectory.js b/src/userdirectory.js
index b5cc0e72d..d3c8d4637 100644
--- a/src/userdirectory.js
+++ b/src/userdirectory.js
@@ -32,8 +32,6 @@ let gServer = null;
 const NOOP = function () {};
-const GROUP_USERS_DN = 'cn=users,ou=groups,dc=cloudron';
-const GROUP_ADMINS_DN = 'cn=admins,ou=groups,dc=cloudron';
 const SET_LDAP_ALLOWLIST_CMD = path.join(__dirname, 'scripts/setldapallowlist.sh');
 async function validateConfig(config) {
@@ -155,10 +153,7 @@ async function userSearch(req, res, next) {
 // skip entries with empty username. Some apps like owncloud can't deal with this
 if (!user.username) return;
- const dn = ldap.parseDN('cn=' + user.id + ',ou=users,dc=cloudron');
-
- const memberof = [ GROUP_USERS_DN ];
- if (users.compareRoles(user.role, users.ROLE_ADMIN) >= 0) memberof.push(GROUP_ADMINS_DN);
+ const dn = ldap.parseDN(`cn=${user.id},ou=users,dc=cloudron`);
 const displayName = user.displayName || user.username || ''; // displayName can be empty and username can be null
 const nameParts = displayName.split(' ');
@@ -179,7 +174,7 @@ async function userSearch(req, res, next) {
 givenName: firstName,
 username: user.username,
 samaccountname: user.username, // to support ActiveDirectory clients
- memberof: memberof
+ // memberof: user.groupIds.map(function (gid) { return `cn=${gid},ou=groups,dc=cloudron`; }) <- use cn=group.name instead of id
 }
 };
@@ -211,7 +206,7 @@ async function groupSearch(req, res, next) {
 if (errorGroups) return next(new ldap.OperationsError(errorGroups.toString()));
 resultGroups.forEach(function (group) {
- const dn = ldap.parseDN('cn=' + group.name + ',ou=groups,dc=cloudron');
+ const dn = ldap.parseDN(`cn=${group.name},ou=groups,dc=cloudron`);
 const members = group.userIds.filter(function (uid) { return result.map(function (u) { return u.id; }).indexOf(uid) !== -1; });
 const obj = {
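Review bot: User entries no longer carry a `memberof` attribute at all: the `@@ -155,10 +153,7 @@` hunk removes the array and the `@@ -179,7 +174,7 @@` hunk turns the attribute into commented-out code. Any LDAP client that maps roles or restricts login by the user entry's `memberof` values (previously the users and admins group DNs) will now see no memberships. Whether that fails closed depends on the client, so it should be checked for the apps that consume this directory. If the removal is intentional until group DNs are built from names, replace the dead code with an explicit marker such as `// TODO: restore memberof using cn=<group.name> DNs; until then membership is only exposed via the group entries' memberuid`. userSearch's body continues outside both hunks.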
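Review bot: In the `@@ -211,7 +206,7 @@` hunk, `group.name` is interpolated into the DN string unescaped before `ldap.parseDN` is called. A name containing RFC 4514 special characters (`,`, `+`, `=`, `\`, quotes) would either make `parseDN` throw inside the `forEach` callback or produce a DN with different RDNs than intended. Name validation is not visible here; if names are not already restricted to a DN-safe character set, escape the value before building the string, otherwise record the constraint next to the call, e.g. `// group.name is restricted to <allowed charset> at creation, so it is safe to embed in a DN`. The same applies to `user.id` in the `@@ -155,10 +153,7 @@` hunk, and to the `memberof` mapping if it is restored using group names. groupSearch's body extends beyond the hunk.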
@@ -219,6 +214,7 @@ async function groupSearch(req, res, next) {
 attributes: {
 objectclass: ['group'],
 cn: group.name,
+ gidnumber: group.id,
 memberuid: members
 }
 };
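Review bot: `gidnumber: group.id` publishes the internal group identifier under an attribute name that RFC 2307-style clients conventionally parse as an integer GID. The type of `group.id` is not visible in this hunk; if it is an opaque string rather than a number, such clients may reject the entry or map it to an unintended numeric group. Please confirm the value is numeric and stable, or document the intent inline, e.g. `gidnumber: group.id, // opaque internal id, not a POSIX gid; TODO confirm consumers accept non-numeric values`. It also exposes internal ids to every client permitted to search groups, which is worth a conscious decision.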