From 82e25ccef0dfc0e44d28474d8fd3af2e242cb7cd Mon Sep 17 00:00:00 2001
From: garrettmills
Date: Wed, 10 Mar 2021 19:12:46 -0600
Subject: [PATCH] LDAP - support posixGroups in group model
---
 app/models/auth/Group.model.js | 41 +++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/app/models/auth/Group.model.js b/app/models/auth/Group.model.js
index 133ce08..69ef314 100644
--- a/app/models/auth/Group.model.js
+++ b/app/models/auth/Group.model.js
@@ -11,6 +11,8 @@ class GroupModel extends Model {
 return {
 name: String,
 user_ids: [String],
+ posix_user_id: String,
+ posix_group_id: Number,
 active: { type: Boolean, default: true },
 ldap_visible: { type: Boolean, default: true },
 }
@@ -31,16 +33,49 @@ class GroupModel extends Model {
 async to_ldap() {
 const users = await this.users()
- return {
+ const data = {
 cn: this.name,
 dn: this.dn.format(this.configs.get('ldap:server.format')),
- objectClass: 'groupOfNames',
+ objectClass: ['groupOfNames'],
 member: users.map(x => x.dn.format(this.configs.get('ldap:server.format'))),
 }
+
+ if ( this.posix_group_id ) {
+ data.objectClass.push('posixGroup')
+ data.gidNumber = this.posix_group_id
+ }
+
+ return data
 }
 static async ldap_directory() {
- return this.find({ ldap_visible: true, active: true })
+ const User = this.prototype.models.get('auth:User')
+ const groups = await this.find({ ldap_visible: true, active: true })
+
+ const posix_user_ids = groups.map(group => group.posix_user_id)
+ .filter(Boolean)
+ .map(id => User.to_object_id(id))
+
+ const missing_posix_users = await User.find({
+ ldap_visible: true,
+ _id: {
+ $nin: posix_user_ids
+ }
+ })
+
+ for ( const user of missing_posix_users ) {
+ const group = new this({
+ name: `${user.uid} (posix)`,
+ user_ids: [user.id],
+ posix_user_id: user.id,
+ posix_group_id: await user.get_uid_number(),
+ })
+
+ await group.save()
+ groups.push(group)
+ }
+
+ return groups
 }
 async to_api() {
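Review bot: The two fields added to the schema object carry no comment and no visible constraint, although `posix_group_id` ends up as the `gidNumber` that LDAP clients use for access decisions. I would add `// id of the user this auto-created per-user POSIX group belongs to` above `posix_user_id` and `// exported to LDAP as gidNumber; must be unique across groups` above `posix_group_id`. Nothing in this hunk enforces that uniqueness, so it rests on the creation logic alone; a unique index would be safer if the ORM offers one, which is not visible here. The enclosing schema method starts outside the hunk.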
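Review bot: In `ldap_directory()` the existence check is built from `groups`, which is already filtered to `ldap_visible: true, active: true`, so a per-user POSIX group that an administrator has hidden or deactivated is not counted, and a new visible group with the same `gidNumber` is saved on the next directory read. Build the id list from an unfiltered lookup instead, for example `const owned = await this.find({ posix_user_id: { $exists: true } })`, and map `owned` rather than `groups` (assuming the ORM passes Mongo operators through, as the existing `$nin` suggests). The same read path does check-then-save with no uniqueness guarantee, so two concurrent LDAP searches could each create a group for the same user; provisioning the group when the user is created, or an upsert keyed on `posix_user_id`, would avoid that. Separately, `if ( this.posix_group_id )` in `to_ldap()` treats a gid of 0 as absent; if that is intended, a short comment saying so would help.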