Commit d3b7aeca authored by Rodrigo Nascimento's avatar Rodrigo Nascimento Committed by GitHub

Ldap merge users (#3992)

* Allow merging users from LDAP

* Fix last commit, do not override userData in ldap sync
parent 0762aeaf
...@@ -25,7 +25,6 @@ function fallbackDefaultAccountSystem(bind, username, password) { ...@@ -25,7 +25,6 @@ function fallbackDefaultAccountSystem(bind, username, password) {
return Accounts._runLoginHandlers(bind, loginRequest); return Accounts._runLoginHandlers(bind, loginRequest);
} }
Accounts.registerLoginHandler('ldap', function(loginRequest) { Accounts.registerLoginHandler('ldap', function(loginRequest) {
if (!loginRequest.ldap || !loginRequest.ldapOptions) { if (!loginRequest.ldap || !loginRequest.ldapOptions) {
return undefined; return undefined;
...@@ -102,7 +101,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { ...@@ -102,7 +101,7 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
// Login user if they exist // Login user if they exist
if (user) { if (user) {
if (user.ldap !== true) { if (user.ldap !== true && RocketChat.settings.get('LDAP_Merge_Existing_Users') !== true) {
logger.info('User exists without "ldap: true"'); logger.info('User exists without "ldap: true"');
throw new Meteor.Error('LDAP-login-error', 'LDAP Authentication succeded, but there\'s already an existing user with provided username ['+username+'] in Mongo.'); throw new Meteor.Error('LDAP-login-error', 'LDAP Authentication succeded, but there\'s already an existing user with provided username ['+username+'] in Mongo.');
} }
...@@ -158,19 +157,6 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) { ...@@ -158,19 +157,6 @@ Accounts.registerLoginHandler('ldap', function(loginRequest) {
syncUserData(userObject, ldapUser); syncUserData(userObject, ldapUser);
let ldapUserService = {
ldap: true
};
if (Unique_Identifier_Field) {
ldapUserService['services.ldap.idAttribute'] = Unique_Identifier_Field.attribute;
ldapUserService['services.ldap.id'] = Unique_Identifier_Field.value;
}
Meteor.users.update(userObject._id, {
$set: ldapUserService
});
logger.info('Joining user to default channels'); logger.info('Joining user to default channels');
Meteor.runAsUser(userObject._id, function() { Meteor.runAsUser(userObject._id, function() {
Meteor.call('joinDefaultChannels'); Meteor.call('joinDefaultChannels');
......
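Review bot: The merge branch enabled by `LDAP_Merge_Existing_Users` on the changed `if` lets any LDAP account whose username matches a pre-existing local Mongo user take that user over, with no log entry and no check on what kind of local account it is; the setting itself is the only remaining guard. The existing non-merge path logs and throws, while the merge path falls through silently, so an operator cannot tell afterwards which local accounts were absorbed. An `else if (user.ldap !== true) { logger.info('Merging existing local user [' + username + '] into LDAP account'); }` after the throwing block would record each merge, and a comment on the condition naming the takeover risk (the LDAP password replaces the local one, as the setting's own description says) would help the next reader. Whether the username lookup is case-sensitive is not visible here; if it is case-insensitive the set of local accounts that can be matched is wider than it looks. The login handler's body continues outside the hunk.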
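--- a/<ldap settings file: path not shown on page>
+++ b/<ldap settings file: path not shown on page>
@@ -39,6 +39,7 @@ Meteor.startup(function() {
 	this.add('LDAP_Sync_User_Avatar', true, { type: 'boolean', enableQuery: syncDataQuery });
 	this.add('LDAP_Sync_User_Data_FieldMap', '{"cn":"name", "mail":"email"}', { type: 'string', enableQuery: syncDataQuery });
 	this.add('LDAP_Default_Domain', '', { type: 'string', enableQuery: enableQuery });
+	this.add('LDAP_Merge_Existing_Users', false, { type: 'boolean', enableQuery: enableQuery });
 	this.add('LDAP_Test_Connection', 'ldap_test_connection', { type: 'action', actionText: 'Test_Connection' });
 	this.add('LDAP_Sync_Users', 'ldap_sync_users', { type: 'action', actionText: 'Sync_Users' });
 });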
...@@ -104,6 +104,10 @@ getDataToSyncUserData = function getDataToSyncUserData(ldapUser, user) { ...@@ -104,6 +104,10 @@ getDataToSyncUserData = function getDataToSyncUserData(ldapUser, user) {
userData['services.ldap.idAttribute'] = uniqueId.attribute; userData['services.ldap.idAttribute'] = uniqueId.attribute;
} }
if (user.ldap !== true) {
userData.ldap = true;
}
if (_.size(userData)) { if (_.size(userData)) {
return userData; return userData;
} }
......
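Review bot: The new `if (user.ldap !== true) { userData.ldap = true; }` replaces the login-handler block that used to write the `ldap: true` marker (removed in the same commit), so it now serves both newly created LDAP users and pre-existing local users being merged, and it cannot simply be guarded by `LDAP_Merge_Existing_Users` without breaking the former. That dual role is not stated anywhere; a comment such as `// Sets the LDAP marker for new accounts and for local accounts being merged; once set, the merge setting is no longer consulted at login` would explain why the setting is not re-checked here. Whether the sync action can reach this function with an existing non-LDAP account while merging is disabled is not visible in this hunk and is worth confirming, since that would convert the account without the login-time check. getDataToSyncUserData starts outside the hunk.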
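--- a/<i18n json file: path not shown on page>
+++ b/<i18n json file: path not shown on page>
@@ -592,6 +592,8 @@
 	"LDAP_Custom_Domain_Search" : "Custom Domain Search",
 	"LDAP_Custom_Domain_Search_Description" : "A piece of JSON that governs bind and connection info and is of the form:<br/> <code>{\"filter\": \"(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))\", \"scope\": \"sub\", \"userDN\": \"rocket.service@domain.com\", \"password\": \"urpass\"}</code>",
 	"LDAP_Default_Domain" : "Default Domain",
+	"LDAP_Merge_Existing_Users" : "Merge existing users",
+	"LDAP_Merge_Existing_Users_Description" : "*Caution!* When importing an user from LDAP and an user with same username already exists the LDAP info and password will be set into the existing user.",
 	"LDAP_Description" : "LDAP is a hierarchical database that many companies use to provide single sign on - a facility for sharing one password between multiple sites and services. For advanced configuration information and examples, please consult our wiki: https://github.com/RocketChat/Rocket.Chat/wiki/LDAP-Authentication.",
 	"LDAP_Domain_Base" : "Domain Base",
 	"LDAP_Domain_Base_Description" : "The fully qualified Distinguished Name (DN) of an LDAP subtree you want to search for users and groups. You can add as many as you like; however, each group must be defined in the same domain base as the users that belong to it. If you specify restricted user groups, only users that belong to those groups will be in scope. We recommend that you specify the top level of your LDAP directory tree as your domain base and use search filter to control access.",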