external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Added LDAP membership user group sync options (#4415)

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-08-22 11:43:45 -07:00
parent 0ce946bd90
commit 00765288e6
1 changed files with 23 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
webserver.js
View file

@ -13,7 +13,7 @@
/*jshint esversion: 6 */ /*jshint esversion: 6 */
'use strict'; 'use strict';
// SerialTunnel object is used to embed TLS within another connection.e // SerialTunnel object is used to embed TLS within another connection.
function SerialTunnel(options) { function SerialTunnel(options) {
var obj = new require('stream').Duplex(options); var obj = new require('stream').Duplex(options);
obj.forwardwrite = null; obj.forwardwrite = null;
@ -486,6 +486,28 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (userMembershipMatch === false) { parent.debug('ldap', 'Denying login to a user that is not a member of a LDAP required group.'); fn('denied'); return; } // If there is no match, deny the login if (userMembershipMatch === false) { parent.debug('ldap', 'Denying login to a user that is not a member of a LDAP required group.'); fn('denied'); return; } // If there is no match, deny the login
} }
// See if we need to sync LDAP user memberships with user groups
if (domain.ldapsyncwithusergroups === true) { domain.ldapsyncwithusergroups = {}; }
if (typeof domain.ldapsyncwithusergroups == 'object') {
// LDAP user memberships sync is enabled, see if there are any filters to apply
if (typeof domain.ldapsyncwithusergroups.filter == 'string') { domain.ldapsyncwithusergroups.filter = [domain.ldapsyncwithusergroups.filter]; }
if (Array.isArray(domain.ldapsyncwithusergroups.filter)) {
const g = [];
for (var i in userMemberships) {
var match = false;
for (var j in domain.ldapsyncwithusergroups.filter) {
if (userMemberships[i].indexOf(domain.ldapsyncwithusergroups.filter[j]) >= 0) { match = true; }
}
if (match) { g.push(userMemberships[i]); }
}
console.log(g);
userMemberships = g;
}
} else {
// LDAP user memberships sync is disabled, sync the user with empty membership
userMemberships = [];
}
// Get the email address for this LDAP user // Get the email address for this LDAP user
var email = null; var email = null;
if (domain.ldapuseremail) { email = xxuser[domain.ldapuseremail]; } else if (xxuser['mail']) { email = xxuser['mail']; } // Use given feild name or default if (domain.ldapuseremail) { email = xxuser[domain.ldapuseremail]; } else if (xxuser['mail']) { email = xxuser['mail']; } // Use given feild name or default