diff --git a/src/externalldap.js b/src/externalldap.js
index bf5d755a8..0452f9a60 100644
--- a/src/externalldap.js
+++ b/src/externalldap.js
@@ -129,7 +129,7 @@ function ldapGroupSearch(externalLdapConfig, options, callback) {
 assert.strictEqual(typeof options, 'object');
 assert.strictEqual(typeof callback, 'function');
- if (!externalLdapConfig.groupBaseDn) return callback(null, []);
+ if (!externalLdapConfig.syncGroups) return callback(null, []);
 getClient(externalLdapConfig, function (error, client) {
 if (error) return callback(error);
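Review bot: The new guard `if (!externalLdapConfig.syncGroups) return callback(null, []);` no longer looks at `groupBaseDn`, so a configuration with `syncGroups` set and an empty or missing `groupBaseDn` now falls through to `getClient` and the group search. The rest of `ldapGroupSearch` lies outside this hunk, so it is not visible whether the base DN is validated when the configuration is saved. If it is not, keep both conditions: `if (!externalLdapConfig.syncGroups || !externalLdapConfig.groupBaseDn) return callback(null, []);`.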
@@ -309,65 +309,67 @@ function sync(progressCallback, callback) {
 if (error) return callback(error);
 if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
- ldapGroupSearch(externalLdapConfig, {}, function (error, ldapGroups) {
- if (error) callback(error);
+ ldapUserSearch(externalLdapConfig, {}, function (error, ldapUsers) {
+ if (error) return callback(error);
- debug(`Found ${ldapGroups.length} groups`);
+ debug(`Found ${ldapUsers.length} users`);
+ let percent = 10;
+ let step = 90/(ldapUsers.length+1); // ensure no divide by 0
- ldapUserSearch(externalLdapConfig, {}, function (error, ldapUsers) {
+ // we ignore all errors here and just log them for now
+ async.eachSeries(ldapUsers, function (user, iteratorCallback) {
+ user = translateUser(externalLdapConfig, user);
+
+ if (!validUserRequirements(user)) return iteratorCallback();
+
+ percent += step;
+ progressCallback({ percent, message: `Syncing... ${user.username}` });
+
+ users.getByUsername(user.username, function (error, result) {
+ if (error && error.reason !== BoxError.NOT_FOUND) {
+ debug(`Could not find user with username ${user.username}: ${error.message}`);
+ return iteratorCallback();
+ }
+
+ if (error) {
+ debug(`[adding user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+ users.create(user.username, null /* password */, user.email, user.displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
+ if (error) console.error('Failed to create user', user, error);
+ iteratorCallback();
+ });
+ } else if (result.source !== 'ldap') {
+ debug(`[conflicting user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+ iteratorCallback();
+ } else if (result.email !== user.email || result.displayName !== user.displayName) {
+ debug(`[updating user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+ users.update(result, { email: user.email, fallbackEmail: user.email, displayName: user.displayName }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
+ if (error) debug('Failed to update user', user, error);
+
+ iteratorCallback();
+ });
+ } else {
+ // user known and up-to-date
+ debug(`[up-to-date user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+ iteratorCallback();
+ }
+ });
+ }, function (error) {
 if (error) return callback(error);
- debug(`Found ${ldapUsers.length} users`);
- let percent = 10;
- let step = 90/(ldapUsers.length+1); // ensure no divide by 0
+ ldapGroupSearch(externalLdapConfig, {}, function (error, ldapGroups) {
+ if (error) return callback(error);
- // we ignore all errors here and just log them for now
- async.eachSeries(ldapUsers, function (user, iteratorCallback) {
- user = translateUser(externalLdapConfig, user);
+ debug(`Found ${ldapGroups.length} groups`);
- if (!validUserRequirements(user)) return iteratorCallback();
-
- percent += step;
- progressCallback({ percent, message: `Syncing... ${user.username}` });
-
- users.getByUsername(user.username, function (error, result) {
- if (error && error.reason !== BoxError.NOT_FOUND) {
- debug(`Could not find user with username ${user.username}: ${error.message}`);
- return iteratorCallback();
- }
-
- if (error) {
- debug(`[adding user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
- users.create(user.username, null /* password */, user.email, user.displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
- if (error) console.error('Failed to create user', user, error);
- iteratorCallback();
- });
- } else if (result.source !== 'ldap') {
- debug(`[conflicting user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
- iteratorCallback();
- } else if (result.email !== user.email || result.displayName !== user.displayName) {
- debug(`[updating user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
- users.update(result, { email: user.email, fallbackEmail: user.email, displayName: user.displayName }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
- if (error) debug('Failed to update user', user, error);
-
- iteratorCallback();
- });
- } else {
- // user known and up-to-date
- debug(`[up-to-date user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
-
- iteratorCallback();
- }
- });
- }, function (error) {
 debug('sync: ldap sync is done', error);
+ callback(error);
 });
 });
 });
- });
 }
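Review bot: Every branch of the `async.eachSeries` iterator calls `iteratorCallback()` without an error, so the `if (error) return callback(error);` in its completion handler can never fire. The task therefore reports success even if every `users.create` or `users.update` failed. For an identity sync that hides drift between the directory and the local user table; consider counting the failures and including the count in the final `debug('sync: ldap sync is done', ...)` line or the last `progressCallback` message. The create branch also uses `console.error('Failed to create user', user, error)`, which bypasses `debug` and prints the whole translated directory record. `debug('Failed to create user %s: %s', user.username, error.message);` would match the fields the other branches log. The start of `sync` is outside this hunk.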