Merge pull request #8378 from Typositoire/ldap/nested-groups

Search for LDAP_MATCHING_RULE_IN_CHAIN groups
2024-09-21 08:40:10 +00:00 · 2019-08-18 16:07:16 +08:00 · 2019-08-18 16:07:16 +08:00 · 504202ecfd
commit 504202ecfd
parent 747bf849d2 6435f32bc5
1 changed files with 36 additions and 0 deletions
--- a/src/common/utils/ldap/ldap.go
+++ b/src/common/utils/ldap/ldap.go
@ -220,6 +220,27 @@ func (session *Session) SearchUser(username string) ([]models.LdapUser, error) {
 			}
 			u.GroupDNList = groupDNList
 		}
+
+		log.Debugf("Searching for nested groups")
+		nestedGroupDNList := []string{}
+		nestedGroupFilter := createNestedGroupFilter(ldapEntry.DN)
+		result, err := session.SearchLdap(nestedGroupFilter)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, groupEntry := range result.Entries {
+			if !contains(u.GroupDNList, groupEntry.DN) {
+				nestedGroupDNList = append(nestedGroupDNList, strings.TrimSpace(groupEntry.DN))
+				log.Debugf("Found group %v", groupEntry.DN)
+			} else {
+				log.Debugf("%v is already in GroupDNList", groupEntry.DN)
+			}
+		}
+
+		u.GroupDNList = append(u.GroupDNList, nestedGroupDNList...)
+		log.Debugf("Done searching for nested groups")
+
 		u.DN = ldapEntry.DN
 		ldapUsers = append(ldapUsers, u)

@ -419,3 +440,18 @@ func createGroupSearchFilter(oldFilter, groupName, groupNameAttribute string) st
 	}
 	return filter
 }
+
+func createNestedGroupFilter(userDN string) string {
+	filter := ""
+	filter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=" + userDN + "))"
+	return filter
+}
+
+func contains(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}