Also find groups added through groupOfUniqueNames

when looking up groups assigned to a user
theforeman · Apr 9, 2024 · 0667edb · 0667edb
1 parent 77a387a
commit 0667edb
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/lib/ldap_fluff/posix_member_service.rb b/lib/ldap_fluff/posix_member_service.rb
@@ -18,7 +18,7 @@ def find_user(uid, base_dn = @base)
   def find_user_groups(uid)
     groups = []
     @ldap.search(
-      :filter => Net::LDAP::Filter.eq('memberuid', uid),
+      :filter => user_group_filter(uid),
       :base => @group_base, :attributes => ["cn"]
     ).each do |entry|
       groups << entry[:cn][0]
@@ -52,4 +52,12 @@ class UIDNotFoundException < LdapFluff::Error
 
   class GIDNotFoundException < LdapFluff::Error
   end
+
+  private
+
+  def user_group_filter(uid)
+    unique_filter = Net::LDAP::Filter.eq('uniquemember', "uid=#{uid},#{@base}") &
+                    Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
+    Net::LDAP::Filter.eq('memberuid', uid) | unique_filter
+  end
 end
diff --git a/test/posix_member_services_test.rb b/test/posix_member_services_test.rb
@@ -19,20 +19,24 @@ def test_find_user
 
   def test_find_user_groups
     user = posix_group_payload
-    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+    username = 'john'
+    filter = @ms.send(:user_group_filter, username)
+    @ldap.expect(:search, user, [:filter => filter,
                                  :base => config.group_base,
                                  :attributes => ["cn"]])
     @ms.ldap = @ldap
-    assert_equal ['broze'], @ms.find_user_groups('john')
+    assert_equal ['broze'], @ms.find_user_groups(username)
     @ldap.verify
   end
 
   def test_find_no_groups
-    @ldap.expect(:search, [], [:filter => @ms.name_filter("john"),
+    username = 'john'
+    filter = @ms.send(:user_group_filter, username)
+    @ldap.expect(:search, [], [:filter => filter,
                                :base => config.group_base,
                                :attributes => ["cn"]])
     @ms.ldap = @ldap
-    assert_equal [], @ms.find_user_groups('john')
+    assert_equal [], @ms.find_user_groups(username)
     @ldap.verify
   end
 
@@ -69,4 +73,12 @@ def test_group_doesnt_exists
     assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
     @ldap.verify
   end
+
+  def test_user_group_filter
+    username = 'john'
+    unique_filter = Net::LDAP::Filter.eq('uniquemember', "uid=#{username},#{config.base_dn}") &
+                    Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
+    expected = @ms.name_filter(username) | unique_filter
+    assert_equal expected, @ms.send(:user_group_filter, username)
+  end
 end