Merge pull request #17497 from jvlcek/bz_1353037_group_attribute
Extend support from memberof to other multi-value attribute for group membership
gtanzillo authored Jun 1, 2018
2 parents fe9cd96 + f290134 commit 7979215
Showing 3 changed files with 27 additions and 2 deletions.
1 change: 1 addition & 0 deletions config/settings.yml
@@ -7,6 +7,7 @@
:follow_referrals: false
:get_direct_groups: true
:group_memberships_max_depth: 2
:group_attribute: memberof
:ldaphost:
:ldapport: '389'
:mode: database
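Review bot: The new `:group_attribute:` key is added without a comment saying what it controls or which values are safe, although per the commit title its values decide a user's group membership. If those memberships feed role assignment, which this page does not show, pointing the setting at an attribute that users can edit on their own directory entry would let them place themselves in groups. I would add a comment above the key such as `# LDAP attribute read for group membership; use only an attribute that directory admins control`.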
5 changes: 3 additions & 2 deletions lib/miq_ldap.rb
@@ -43,6 +43,7 @@ def initialize(options = {})
@bind_timeout = options.delete(:bind_timeout) || ::Settings.authentication.bind_timeout.to_i_with_method
@search_timeout = options.delete(:search_timeout) || ::Settings.authentication.search_timeout.to_i_with_method
@follow_referrals = options.delete(:follow_referrals) || ::Settings.authentication.follow_referrals
@group_attribute = options.delete(:group_attribute) || ::Settings.authentication.group_attribute
options[:host] ||= ::Settings.authentication.ldaphost
options[:port] ||= ::Settings.authentication.ldapport
options[:host] = resolve_host(options[:host], options[:port])
@@ -304,7 +305,7 @@ def get_user_object(username, user_type = nil)
user_type ||= @user_type.split("-").first
user_type = "dn" if self.is_dn?(username)
begin
search_opts = {:base => @basedn, :scope => :sub, :attributes => ["*", "memberof"]}
search_opts = {:base => @basedn, :scope => :sub, :attributes => ["*", @group_attribute]}

case user_type
when "samaccountname"
@@ -368,7 +369,7 @@ def get_user_info(username, user_type = 'mail')
udata
end

def get_memberships(obj, max_depth = 0, attr = :memberof, followed = [], current_depth = 0)
def get_memberships(obj, max_depth = 0, attr = @group_attribute.to_sym, followed = [], current_depth = 0)
current_depth += 1

_log.debug("Enter get_memberships: #{obj.inspect}")
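Review bot: `@group_attribute` has no fallback in `initialize`, so if neither the `:group_attribute` option nor `::Settings.authentication.group_attribute` yields a value (for example a settings override that blanks the key) it is nil. In that case `get_user_object` would request `["*", nil]`, and the new default `attr = @group_attribute.to_sym` in `get_memberships` would raise NoMethodError. Keeping the old behaviour as the last resort avoids both: `@group_attribute = options.delete(:group_attribute) || ::Settings.authentication.group_attribute || "memberof"`. All three method bodies continue outside the visible hunks, so any later guard is not visible here.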
23 changes: 23 additions & 0 deletions spec/lib/miq_ldap_spec.rb
@@ -157,4 +157,27 @@
expect(ldap.ldap.instance_variable_get(:@encryption)).to be_nil
end
end

context '#get_user_object' do
before do
allow(TCPSocket).to receive(:new)
@opts = {:base => nil, :scope => :sub, :filter => "([email protected])"}
end

it "searches for group memberships with the specified group attribute" do
ldap = MiqLdap.new(:host => ["192.0.2.2"], :group_attribute => "groupMembership")
@opts[:attributes] = ["*", "groupMembership"]
expect(ldap).to receive(:search).with(@opts)

ldap.get_user_object("[email protected]", "upn")
end

it "searches for group memberships with the default group attribute" do
ldap = MiqLdap.new(:host => ["192.0.2.2"])
@opts[:attributes] = ["*", "memberof"]
expect(ldap).to receive(:search).with(@opts)

ldap.get_user_object("[email protected]", "upn")
end
end
end
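Review bot: Both new examples exercise only `get_user_object`; the changed default `attr = @group_attribute.to_sym` in `get_memberships` has no coverage, and that is presumably where the configured name is used to read membership values from an entry. An example that calls `get_memberships` on an entry carrying a custom attribute such as `groupMembership` would also show whether the mixed-case symbol matches the key the entry object exposes, which cannot be determined from this page. The default-attribute example also relies on the shipped `:group_attribute: memberof` setting being loaded in the test environment, and a short comment saying so would help the next reader.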
