feat(ldapSync): added support for isAdmin field
Build and Push Docker image / build-and-push (push) Successful in 2m8s Details

This commit is contained in:
Valentin Kolb 2024-11-01 13:39:34 +01:00
parent 4d185f217b
commit 50da122f22
1 changed files with 20 additions and 3 deletions

View File

@ -11,6 +11,8 @@ import (
"github.com/pocketbase/pocketbase"
"github.com/pocketbase/pocketbase/forms"
"github.com/pocketbase/pocketbase/models"
"os"
"strings"
)
// upsertLDAPGroup This function creates / updates a record in the ldap groups table
@ -97,20 +99,34 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error {
}
}
// calculate accountExpires
accountExpires, _ := ldapTimeToUnixTime(ldapUser.accountExpires)
var memberOfGroupIds []string
var isAdmin bool
// get group ids from group dns
for _, groupDn := range ldapUser.memberOf {
// get group by dn
group, err := GetLdapGroupByDN(app, groupDn)
if err == nil {
memberOfGroupIds = append(memberOfGroupIds, group.Id)
} else {
// check if error
if err != nil {
logger.LogErrorF("unable to find %s.memberOf: %s", ldapUser.cn, groupDn)
continue
}
// check if user is in admin group
if strings.ToLower(group.Get("dn").(string)) == strings.ToLower(os.Getenv("LDAP_ADMIN_GROUP_DN")) {
isAdmin = true
}
// add group id to memberOfGroupIds
memberOfGroupIds = append(memberOfGroupIds, group.Id)
}
// set data
record.Set("objectGUID", ldapUser.objectGUID)
record.Set("givenName", ldapUser.givenName)
record.Set("sn", ldapUser.sn)
@ -123,6 +139,7 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error {
record.Set("cn", ldapUser.cn)
record.Set("memberOf", memberOfGroupIds)
record.Set("REALM", ldapUser.REALM)
record.Set("isAdmin", isAdmin)
if err := app.Dao().SaveRecord(record); err != nil {
return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err)