add ldap group tests and fixes for the found issues
This commit is contained in:
Johannes Zellner
+30
-5
@@ -219,6 +219,18 @@ function testConfig(config, callback) {
|
||||
if (!config.filter) return callback(new BoxError(BoxError.BAD_FIELD, 'filter must not be empty'));
|
||||
try { ldap.parseFilter(config.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
|
||||
|
||||
if ('syncGroups' in config && typeof config.syncGroups !== 'boolean') return callback(new BoxError(BoxError.BAD_FIELD, 'syncGroups must be a boolean'));
|
||||
|
||||
if (config.syncGroups) {
|
||||
if (!config.groupBaseDn) return callback(new BoxError(BoxError.BAD_FIELD, 'groupBaseDn must not be empty'));
|
||||
try { ldap.parseDN(config.groupBaseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid groupBaseDn')); }
|
||||
|
||||
if (!config.groupFilter) return callback(new BoxError(BoxError.BAD_FIELD, 'groupFilter must not be empty'));
|
||||
try { ldap.parseFilter(config.groupFilter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid groupFilter')); }
|
||||
|
||||
if (!config.groupnameField || typeof config.groupnameField !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'groupFilter must not be empty'));
|
||||
}
|
||||
|
||||
getClient(config, function (error, client) {
|
||||
if (error) return callback(error);
|
||||
|
||||
@@ -395,7 +407,7 @@ function syncGroups(externalLdapConfig, progressCallback, callback) {
|
||||
|
||||
if (!externalLdapConfig.syncGroups) {
|
||||
debug('Group sync is disabled');
|
||||
progressCallback({ percent: 70, message: `Skipping group sync...` });
|
||||
progressCallback({ percent: 70, message: 'Skipping group sync...' });
|
||||
return callback(null, []);
|
||||
}
|
||||
|
||||
@@ -409,8 +421,10 @@ function syncGroups(externalLdapConfig, progressCallback, callback) {
|
||||
|
||||
// we ignore all non internal errors here and just log them for now
|
||||
async.eachSeries(ldapGroups, function (ldapGroup, iteratorCallback) {
|
||||
var groupName = ldapGroup[externalLdapConfig.groupnameField || 'cn'];
|
||||
var groupName = ldapGroup[externalLdapConfig.groupnameField];
|
||||
if (!groupName) return iteratorCallback();
|
||||
// some servers return empty array for unknown properties :-/
|
||||
if (typeof groupName !== 'string') return iteratorCallback();
|
||||
|
||||
// groups are lowercase
|
||||
groupName = groupName.toLowerCase();
|
||||
@@ -462,16 +476,27 @@ function syncGroupUsers(externalLdapConfig, progressCallback, callback) {
|
||||
debug(`Found ${ldapGroups.length} groups to sync users`);
|
||||
|
||||
async.eachSeries(ldapGroups, function (group, iteratorCallback) {
|
||||
debug(`Synd users for group ${group.name}`);
|
||||
debug(`Sync users for group ${group.name}`);
|
||||
|
||||
ldapGroupSearch(externalLdapConfig, { filter: `${externalLdapConfig.groupnameField}=${group.name}` }, function (error, result) {
|
||||
ldapGroupSearch(externalLdapConfig, {}, function (error, result) {
|
||||
if (error) return callback(error);
|
||||
if (!result || result.length === 0) {
|
||||
console.error(`Unable to find group ${group.name} ignoring for now.`);
|
||||
return callback();
|
||||
}
|
||||
|
||||
var ldapGroupMembers = result[0].member;
|
||||
// since our group names are lowercase we cannot use potentially case matching ldap filters
|
||||
let found = result.find(function (r) {
|
||||
if (!r[externalLdapConfig.groupnameField]) return false;
|
||||
return r[externalLdapConfig.groupnameField].toLowerCase() === group.name;
|
||||
});
|
||||
|
||||
if (!found) {
|
||||
console.error(`Unable to find group ${group.name} ignoring for now.`);
|
||||
return callback();
|
||||
}
|
||||
|
||||
var ldapGroupMembers = found.member || [];
|
||||
|
||||
debug(`Group ${group.name} has ${ldapGroupMembers.length} members.`);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user