mirror of https://github.com/bitwarden/directory-connector synced 2025-12-15 07:43:27 +00:00

fix LDAP membership

Sugianto BW
2025-08-07 12:39:04 +08:00
committed by Thomas Rittson
parent e74546e8c3
commit 88a1dc7334


@@ -118,7 +118,7 @@ export class LdapDirectoryService implements IDirectoryService {
[delControl], [delControl],
); );
return regularUsers.concat(deletedUsers); return regularUsers.concat(deletedUsers);
} catch (e) { } catch {
this.logService.warning("Cannot query deleted users."); this.logService.warning("Cannot query deleted users.");
return regularUsers; return regularUsers;
} }
@@ -193,13 +193,20 @@ export class LdapDirectoryService implements IDirectoryService {
); );
const userPath = this.makeSearchPath(this.syncConfig.userPath); const userPath = this.makeSearchPath(this.syncConfig.userPath);
const userIdMap = new Map<string, string>(); const userIdMap = new Map<string, string>();
const userUidMap = new Map<string, string>();
await this.search<string>(userPath, userFilter, (se: any) => { await this.search<string>(userPath, userFilter, (se: any) => {
userIdMap.set(this.getReferenceId(se), this.getExternalId(se, this.getReferenceId(se))); const dn = this.getReferenceId(se);
const uid = this.getAttr<string>(se, "uid");
const externalId = this.getExternalId(se, dn);
userIdMap.set(dn, externalId);
if (uid != null) {
userUidMap.set(uid, externalId);
}
return se; return se;
}); });
for (const se of groupSearchEntries) { for (const se of groupSearchEntries) {
const group = this.buildGroup(se, userIdMap); const group = this.buildGroup(se, userIdMap, userUidMap);
if (group != null) { if (group != null) {
entries.push(group); entries.push(group);
} }
@@ -208,7 +215,11 @@ export class LdapDirectoryService implements IDirectoryService {
return entries; return entries;
} }
private buildGroup(searchEntry: any, userMap: Map<string, string>) { private buildGroup(
searchEntry: any,
userMap: Map<string, string>,
userUidMap: Map<string, string>,
) {
const group = new GroupEntry(); const group = new GroupEntry();
group.referenceId = this.getReferenceId(searchEntry); group.referenceId = this.getReferenceId(searchEntry);
if (group.referenceId == null) { if (group.referenceId == null) {
@@ -228,11 +239,24 @@ export class LdapDirectoryService implements IDirectoryService {
const members = this.getAttrVals<string>(searchEntry, this.syncConfig.memberAttribute); const members = this.getAttrVals<string>(searchEntry, this.syncConfig.memberAttribute);
if (members != null) { if (members != null) {
for (const memDn of members) { for (const member of members) {
if (userMap.has(memDn) && !group.userMemberExternalIds.has(userMap.get(memDn))) { // Check if member is a DN (contains '=' and ',')
group.userMemberExternalIds.add(userMap.get(memDn)); const isDn = member.includes("=") && member.includes(",");
} else if (!group.groupMemberReferenceIds.has(memDn)) {
group.groupMemberReferenceIds.add(memDn); if (isDn) {
// Member is a DN
if (userMap.has(member) && !group.userMemberExternalIds.has(userMap.get(member))) {
group.userMemberExternalIds.add(userMap.get(member));
} else if (!group.groupMemberReferenceIds.has(member)) {
group.groupMemberReferenceIds.add(member);
}
} else {
// Member is likely a UID
if (userUidMap.has(member) && !group.userMemberExternalIds.has(userUidMap.get(member))) {
group.userMemberExternalIds.add(userUidMap.get(member));
} else if (!group.groupMemberReferenceIds.has(member)) {
group.groupMemberReferenceIds.add(member);
}
} }
} }
} }
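Review bot: `userUidMap.set(uid, externalId)` in the user search callback (hunk at -193) overwrites silently when two entries under the user search path carry the same `uid`, so a non-DN member value in `buildGroup` resolves to whichever entry the search returned last. Because the synced groups presumably drive access on the receiving side, an ambiguous uid should resolve to no user and be logged rather than pick one; the sketch below drops a uid as soon as a second, different externalId is seen for it. The lookup is also an exact string match, while LDAP servers normally compare `uid` case-insensitively, so the key may need normalising on both the `set` and the `has`/`get` side; that is worth confirming against the directories you support. The enclosing method begins above the hunk.

```typescript
const ambiguousUids = new Set<string>();
await this.search<string>(userPath, userFilter, (se: any) => {
  // … unchanged: dn, uid, externalId, userIdMap.set(dn, externalId) …
  if (uid != null && !ambiguousUids.has(uid)) {
    const existing = userUidMap.get(uid);
    if (existing != null && existing !== externalId) {
      // Same uid on two entries: resolve neither instead of letting the last one win.
      userUidMap.delete(uid);
      ambiguousUids.add(uid);
      this.logService.warning(
        "Duplicate uid '" + uid + "' in user search results; ignoring it for group membership.",
      );
    } else {
      userUidMap.set(uid, externalId);
    }
  }
  // … unchanged: return se …
```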