diff --git a/lib/ldap_fluff/ad_member_service.rb b/lib/ldap_fluff/ad_member_service.rb
index fde610a..ae1f42c 100644
--- a/lib/ldap_fluff/ad_member_service.rb
+++ b/lib/ldap_fluff/ad_member_service.rb
@@ -19,25 +19,28 @@ def find_user_groups(uid)
 def _groups_from_ldap_data(payload)
 data = []
 if !payload.nil?
- first_level = payload[:memberof]
- total_groups = _walk_group_ancestry(first_level)
- data = (get_groups(first_level + total_groups)).uniq
+ first_level = payload[:memberof]
+ total_groups, _ = _walk_group_ancestry(first_level, first_level)
+ data = (get_groups(first_level + total_groups)).uniq
 end
 data
 end
 # recursively loop over the parent list
- def _walk_group_ancestry(group_dns = [])
+ def _walk_group_ancestry(group_dns = [], known_groups = [])
 set = []
 group_dns.each do |group_dn|
 search = @ldap.search(:base => group_dn, :scope => Net::LDAP::SearchScope_BaseObject, :attributes => ['memberof'])
 if !search.nil? && !search.first.nil?
- group = search.first
- set += _walk_group_ancestry(group[:memberof])
- set += group[:memberof]
+ groups = search.first[:memberof] - known_groups
+ known_groups += groups
+ next_level, new_known_groups = _walk_group_ancestry(groups, known_groups)
+ set += next_level
+ set += groups
+ known_groups += next_level
 end
 end
- set
+ [set, known_groups]
 end
 def class_filter
diff --git a/test/ad_member_services_test.rb b/test/ad_member_services_test.rb
index d37e632..c58afc8 100644
--- a/test/ad_member_services_test.rb
+++ b/test/ad_member_services_test.rb
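Review bot: In the new `_walk_group_ancestry`, `new_known_groups` is assigned from the recursive call and never read; the visited list is rebuilt afterwards with `known_groups += next_level` instead. That visited list is the only thing that stops a circular `memberof` chain in the directory from recursing without bound during a group lookup, so it should have a single source of truth: `next_level, known_groups = _walk_group_ancestry(groups, known_groups)`, with the trailing `known_groups += next_level` dropped. The comment above the method should also state that it now returns a `[ancestors, visited]` pair rather than a flat array. Only `_groups_from_ldap_data` is visibly updated here, so any caller outside this hunk that still concatenates the result would receive the pair.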
@@ -47,6 +47,16 @@ def test_find_user
 @ldap.verify
 end
+ def test_nested_groups
+ basic_user
+ # basic user is memberof 'group'... and 'group' is memberof 'bros1'
+ # now make 'bros1' be memberof 'group' again
+ @ldap.expect(:search, ad_user_payload, [:base => ad_group_dn('bros1'), :scope => 0, :attributes => ['memberof']])
+ @adms.ldap = @ldap
+ assert_equal(%w(group bros1), @adms.find_user_groups("john"))
+ @ldap.verify
+ end
+
 def test_missing_user
 @ldap.expect(:search, nil, [:filter => ad_name_filter("john")])
 @adms.ldap = @ldap
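Review bot: `test_nested_groups` is named for nesting, but what it pins is termination on a membership cycle ('bros1' pointing back at 'group'), which is the behaviour worth protecting against regression. A name such as `test_nested_groups_with_cycle` and a one-line comment like `# a cycle in memberof must terminate and report each group once` would keep that intent visible through later refactors. What `basic_user` and `ad_user_payload` set up is defined outside the hunk, so the cycle shape is taken from the comments here. A second case where a group lists itself in `memberof` would cover the shortest cycle.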