diff --git a/ldapSync/db.go b/ldapSync/db.go
index b90af32..06852f4 100644
--- a/ldapSync/db.go
+++ b/ldapSync/db.go
@@ -11,6 +11,8 @@ import (
 	"github.com/pocketbase/pocketbase"
 	"github.com/pocketbase/pocketbase/forms"
 	"github.com/pocketbase/pocketbase/models"
+	"os"
+	"strings"
 )
 
 // upsertLDAPGroup This function creates / updates a record in the ldap groups table
@@ -97,20 +99,34 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error {
 		}
 	}
 
+	// calculate accountExpires
 	accountExpires, _ := ldapTimeToUnixTime(ldapUser.accountExpires)
 
 	var memberOfGroupIds []string
+	var isAdmin bool
 
 	// get group ids from group dns
 	for _, groupDn := range ldapUser.memberOf {
+
+		// get group by dn
 		group, err := GetLdapGroupByDN(app, groupDn)
-		if err == nil {
-			memberOfGroupIds = append(memberOfGroupIds, group.Id)
-		} else {
+
+		// check if error
+		if err != nil {
 			logger.LogErrorF("unable to find %s.memberOf: %s", ldapUser.cn, groupDn)
+			continue
 		}
+
+		// check if user is in admin group
+		if strings.ToLower(group.Get("dn").(string)) == strings.ToLower(os.Getenv("LDAP_ADMIN_GROUP_DN")) {
+			isAdmin = true
+		}
+
+		// add group id to memberOfGroupIds
+		memberOfGroupIds = append(memberOfGroupIds, group.Id)
 	}
 
+	// set data
 	record.Set("objectGUID", ldapUser.objectGUID)
 	record.Set("givenName", ldapUser.givenName)
 	record.Set("sn", ldapUser.sn)
@@ -123,6 +139,7 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error {
 	record.Set("cn", ldapUser.cn)
 	record.Set("memberOf", memberOfGroupIds)
 	record.Set("REALM", ldapUser.REALM)
+	record.Set("isAdmin", isAdmin)
 
 	if err := app.Dao().SaveRecord(record); err != nil {
 		return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err)
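Review bot: The new `"os"` and `"strings"` imports are appended after the third-party pocketbase packages, whereas goimports/gofmt convention keeps standard-library imports in their own group ahead of third-party ones (the file already uses `fmt`, which presumably sits in that group). Moving the two lines up into the stdlib group keeps the block lint-clean. The import block begins before this hunk.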
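Review bot: `group.Get("dn").(string)` in the new admin check is an unchecked type assertion and panics if the group record has no `dn` value (a nil interface), which would abort the whole sync rather than skip one group; `group.GetString("dn")` returns "" in that case. The environment variable is also re-read on every loop iteration and both sides are lowercased by hand; hoisting `adminGroupDN := os.Getenv("LDAP_ADMIN_GROUP_DN")` above the loop and writing `if adminGroupDN != "" && strings.EqualFold(group.GetString("dn"), adminGroupDN) {` is shorter and makes it explicit that an unset variable never grants the flag. Whether plain case-folded string equality is enough for DNs (it does not normalize whitespace or escaping) depends on how GetLdapGroupByDN stores `dn`, which I cannot see here; a one-line comment stating that assumption would help. upsertLDAPUser begins before this hunk.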
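Review bot: `record.Set("isAdmin", isAdmin)` is written unconditionally on every sync, which correctly clears the flag when a user leaves the admin group, but it also makes this field the sole carrier of the privilege, so the users collection's API rules must keep `isAdmin` out of client-writable fields or a user who can update their own record could set it. The collection definition is not in this diff, so I can only flag it; a comment such as `// isAdmin is derived from LDAP group membership on each sync and must not be client-writable` next to the Set would record the contract for whoever edits the collection rules.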