From 27f6f9d391e131c67ae2d2a8d4c681a8369ac75e Mon Sep 17 00:00:00 2001
From: Adam Ruzicka
Date: Tue, 9 Apr 2024 10:29:03 +0200
Subject: [PATCH] Look up user before looking for groups
---
 lib/ldap_fluff/posix_member_service.rb | 9 ++++++---
 test/lib/ldap_test_helper.rb | 2 +-
 test/posix_member_services_test.rb | 23 +++++++++++------------
 3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/lib/ldap_fluff/posix_member_service.rb b/lib/ldap_fluff/posix_member_service.rb
index 4ac40d6..51551fc 100644
--- a/lib/ldap_fluff/posix_member_service.rb
+++ b/lib/ldap_fluff/posix_member_service.rb
@@ -16,14 +16,17 @@ def find_user(uid, base_dn = @base)
 # return an ldap user with groups attached
 # note : this method is not particularly fast for large ldap systems
 def find_user_groups(uid)
+ user = find_user(uid).first
 groups = []
 @ldap.search(
- :filter => user_group_filter(uid),
+ :filter => user_group_filter(uid, user[:dn].first),
 :base => @group_base, :attributes => ["cn"]
 ).each do |entry|
 groups << entry[:cn][0]
 end
 groups
+ rescue UIDNotFoundException
+ return []
 end
 def times_in_groups(uid, gids, all)
@@ -55,8 +58,8 @@ class GIDNotFoundException < LdapFluff::Error
 private
- def user_group_filter(uid)
- unique_filter = Net::LDAP::Filter.eq('uniquemember', "uid=#{uid},#{@base}") &
+ def user_group_filter(uid, user_dn)
+ unique_filter = Net::LDAP::Filter.eq('uniquemember', user_dn) &
 Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
 Net::LDAP::Filter.eq('memberuid', uid) | unique_filter
 end
diff --git a/test/lib/ldap_test_helper.rb b/test/lib/ldap_test_helper.rb
index 1762513..20c542c 100644
--- a/test/lib/ldap_test_helper.rb
+++ b/test/lib/ldap_test_helper.rb
@@ -121,7 +121,7 @@ def netiq_group_payload
 end
 def posix_user_payload
- [{ :cn => ["john"] }]
+ [{ :cn => ["john"], :dn => ["cn=john,ou=people,dc=internet,dc=com"] }]
 end
 def posix_group_payload
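Review bot: `find_user(uid).first` in find_user_groups takes whichever entry the directory returns first, so if the name filter ever matches more than one entry, group membership (which presumably feeds authorization decisions) is resolved against an arbitrary DN. find_user's body is outside this hunk, so whether it already enforces uniqueness cannot be seen here; if it does not, fail closed with `users = find_user(uid)` followed by `return [] unless users.size == 1` before taking `users.first`. The new `rescue UIDNotFoundException` also means an account that appears only as a `memberuid` value, with no entry under the user base, now gets no groups at all; that is a safe default but a behaviour change, and it deserves a comment such as `# no user entry => no groups (fail closed)` above the rescue.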
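Review bot: Both values in user_group_filter are passed to `Net::LDAP::Filter.eq`, which performs no escaping, so a `*` in `uid` or in the directory-returned `user_dn` is interpreted as a wildcard and the filter can match groups the user does not belong to. This matters more now that the DN is taken verbatim from the directory rather than built from a fixed template, since real DNs may contain `*` or backslash sequences. Prefer the escaping constructor on both branches: `Net::LDAP::Filter.equals('uniquemember', user_dn)` and `Net::LDAP::Filter.equals('memberuid', uid)`. Whether `uid` is validated before it reaches this method is not visible in the hunk.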
diff --git a/test/posix_member_services_test.rb b/test/posix_member_services_test.rb
index 2bc9d9a..8003fe3 100644
--- a/test/posix_member_services_test.rb
+++ b/test/posix_member_services_test.rb
@@ -18,10 +18,14 @@ def test_find_user
 end
 def test_find_user_groups
- user = posix_group_payload
+ group = posix_group_payload
+ user = posix_user_payload
 username = 'john'
- filter = @ms.send(:user_group_filter, username)
- @ldap.expect(:search, user, [:filter => filter,
+
+ @ldap.expect(:search, user, [:filter => @ms.name_filter(username),
+ :base => config.base_dn])
+ filter = @ms.send(:user_group_filter, username, user.first[:dn].first)
+ @ldap.expect(:search, group, [:filter => filter,
 :base => config.group_base,
 :attributes => ["cn"]])
 @ms.ldap = @ldap
@@ -30,8 +34,11 @@ def test_find_user_groups
 end
 def test_find_no_groups
+ user = posix_user_payload
 username = 'john'
- filter = @ms.send(:user_group_filter, username)
+ @ldap.expect(:search, user, [:filter => @ms.name_filter(username),
+ :base => config.base_dn])
+ filter = @ms.send(:user_group_filter, username, user.first[:dn].first)
 @ldap.expect(:search, [], [:filter => filter,
 :base => config.group_base,
 :attributes => ["cn"]])
@@ -73,12 +80,4 @@ def test_group_doesnt_exists
 assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
 @ldap.verify
 end
-
- def test_user_group_filter
- username = 'john'
- unique_filter = Net::LDAP::Filter.eq('uniquemember', "uid=#{username},#{config.base_dn}") &
- Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
- expected = @ms.name_filter(username) | unique_filter
- assert_equal expected, @ms.send(:user_group_filter, username)
- end
 end
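Review bot: Neither test_find_user_groups nor test_find_no_groups exercises the new `rescue UIDNotFoundException` branch, because both stub the user lookup with a found entry. Both also build the expected filter by calling `user_group_filter` itself, and the last hunk deletes test_user_group_filter instead of porting it to the two-argument signature, so nothing now pins the shape of the filter that decides group membership. I would add a case where the user search returns no entry and keep a direct filter test, as sketched below. The first sketch assumes find_user raises UIDNotFoundException on an empty result, which is outside these hunks.

```ruby
def test_find_user_groups_unknown_user
  @ldap.expect(:search, [], [:filter => @ms.name_filter('john'),
                             :base => config.base_dn])
  @ms.ldap = @ldap
  assert_equal [], @ms.find_user_groups('john')
  @ldap.verify
end

def test_user_group_filter
  username = 'john'
  user_dn = posix_user_payload.first[:dn].first
  unique_filter = Net::LDAP::Filter.eq('uniquemember', user_dn) &
                  Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')
  expected = @ms.name_filter(username) | unique_filter
  assert_equal expected, @ms.send(:user_group_filter, username, user_dn)
end
```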