Look up user before looking for groups

theforeman · Apr 9, 2024 · 27f6f9d · 27f6f9d
1 parent 0667edb
commit 27f6f9d
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 16 deletions.
diff --git a/lib/ldap_fluff/posix_member_service.rb b/lib/ldap_fluff/posix_member_service.rb
@@ -16,14 +16,17 @@ def find_user(uid, base_dn = @base)
   # return an ldap user with groups attached
   # note : this method is not particularly fast for large ldap systems
   def find_user_groups(uid)
+    user = find_user(uid).first
     groups = []
     @ldap.search(
-      :filter => user_group_filter(uid),
+      :filter => user_group_filter(uid, user[:dn].first),
       :base => @group_base, :attributes => ["cn"]
     ).each do |entry|
       groups << entry[:cn][0]
     end
     groups
+  rescue UIDNotFoundException
+    return []
   end
 
   def times_in_groups(uid, gids, all)
@@ -55,8 +58,8 @@ class GIDNotFoundException < LdapFluff::Error
 
   private
 
-  def user_group_filter(uid)
-    unique_filter = Net::LDAP::Filter.eq('uniquemember', "uid=#{uid},#{@base}") &
+  def user_group_filter(uid, user_dn)
+    unique_filter = Net::LDAP::Filter.eq('uniquemember', user_dn) &
                     Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
     Net::LDAP::Filter.eq('memberuid', uid) | unique_filter
   end

diff --git a/test/lib/ldap_test_helper.rb b/test/lib/ldap_test_helper.rb
@@ -121,7 +121,7 @@ def netiq_group_payload
   end
 
   def posix_user_payload
-    [{ :cn => ["john"] }]
+    [{ :cn => ["john"], :dn => ["cn=john,ou=people,dc=internet,dc=com"] }]
   end
 
   def posix_group_payload

diff --git a/test/posix_member_services_test.rb b/test/posix_member_services_test.rb
@@ -18,10 +18,14 @@ def test_find_user
   end
 
   def test_find_user_groups
-    user = posix_group_payload
+    group = posix_group_payload
+    user = posix_user_payload
     username = 'john'
-    filter = @ms.send(:user_group_filter, username)
-    @ldap.expect(:search, user, [:filter => filter,
+
+    @ldap.expect(:search, user, [:filter => @ms.name_filter(username),
+                                 :base => config.base_dn])
+    filter = @ms.send(:user_group_filter, username, user.first[:dn].first)
+    @ldap.expect(:search, group, [:filter => filter,
                                  :base => config.group_base,
                                  :attributes => ["cn"]])
     @ms.ldap = @ldap
@@ -30,8 +34,11 @@ def test_find_user_groups
   end
 
   def test_find_no_groups
+    user = posix_user_payload
     username = 'john'
-    filter = @ms.send(:user_group_filter, username)
+    @ldap.expect(:search, user, [:filter => @ms.name_filter(username),
+                                 :base => config.base_dn])
+    filter = @ms.send(:user_group_filter, username, user.first[:dn].first)
     @ldap.expect(:search, [], [:filter => filter,
                                :base => config.group_base,
                                :attributes => ["cn"]])
@@ -73,12 +80,4 @@ def test_group_doesnt_exists
     assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
     @ldap.verify
   end
-
-  def test_user_group_filter
-    username = 'john'
-    unique_filter = Net::LDAP::Filter.eq('uniquemember', "uid=#{username},#{config.base_dn}") &
-                    Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
-    expected = @ms.name_filter(username) | unique_filter
-    assert_equal expected, @ms.send(:user_group_filter, username)
-  end
 end