
Revision e5e62175

Added by Daniel Lobato Garcia over 8 years ago

Fixes #11428 - External user groups refresh shouldn't be case sensitive

group_list in ldap_fluff returns a list of lowercase LDAP GIDs.
When AuthSourceLdap tries to run update_usergroups to refresh the external
user groups, it will try to match these lowercase gids with external user
group names.

However, we don't enforce external user group names to be lowercase.
If an external user group contains any capital letter, it will not be
synced as it will not match the lowercase GID.

This commit makes sure we search for external groups case-insensitively,
so we can match LDAP GIDs with external group names.

(cherry picked from commit 33d7500a8d3148b6877d630a72f598f4be06b423)


app/models/auth_sources/auth_source_ldap.rb
logger.debug "Updating user groups for user #{login}"
internal = User.find(login).external_usergroups.map(&:name)
external = ldap_con.group_list(login)
external = ldap_con.group_list(login) # this list may return all groups in lowercase
(internal | external).each do |name|
begin
external_usergroup = external_usergroups.find_by_name(name)
external_usergroup = external_usergroups.where('lower(name) = ?', name.downcase).last
if external_usergroup.present?
logger.debug "Refreshing external user group #{external_usergroup.name}"
external_usergroup.refresh
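Review bot: `.last` in the new lookup silently picks one row when two external user groups of this auth source have names that differ only by case, and nothing visible here enforces case-insensitive uniqueness. The other group would then never be refreshed, so its members could keep a stale membership and the permissions attached to it. Consider refreshing every match, `external_usergroups.where('lower(name) = ?', name.downcase).each(&:refresh)`, or adding a case-insensitive uniqueness validation on the name. Separately, `internal | external` is still a case-sensitive union, so a group stored as 'IPAUSERS' and reported by LDAP as 'ipausers' appears to be looked up and refreshed twice; `(internal.map(&:downcase) | external.map(&:downcase))` would avoid the duplicate work. The body of update_usergroups starts and ends outside the visible lines.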
test/unit/auth_sources/auth_source_ldap_test.rb
end
test 'update_usergroups calls refresh_ldap if entry belongs to some group' do
ExternalUsergroup.expects(:find_by_name).with('ipausers').returns(ExternalUsergroup.new)
@auth_source_ldap.expects(:valid_group?).with('ipausers').returns(true)
FactoryGirl.create(:external_usergroup, :name => 'ipausers', :auth_source => @auth_source_ldap)
ExternalUsergroup.any_instance.expects(:refresh)
@auth_source_ldap.send(:update_usergroups, 'test')
end
test 'update_usergroups matches LDAP gids with external user groups case insensitively' do
@auth_source_ldap.expects(:valid_group?).with('IPAUSERS').returns(true)
external = FactoryGirl.create(:external_usergroup, :auth_source => @auth_source_ldap, :name => 'IPAUSERS')
ldap_user = FactoryGirl.create(:user, :login => 'JohnSmith', :mail => 'a@b.com', :auth_source => @auth_source_ldap)
AuthSourceLdap.any_instance.expects(:users_in_group).with('IPAUSERS').returns(['JohnSmith'])
@auth_source_ldap.send(:update_usergroups, 'test')
assert_include ldap_user.usergroups, external.usergroup
end
test 'update_usergroups refreshes on all external user groups, in LDAP and in Foreman auth source' do
@auth_source_ldap.stubs(:valid_group?).returns(true)
@auth_source_ldap.expects(:valid_group?).with('external_usergroup1').returns(true)
external = FactoryGirl.create(:external_usergroup, :auth_source => @auth_source_ldap)
User.any_instance.expects(:external_usergroups).returns([external])
@auth_source_ldap.send(:update_usergroups, 'test')
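Review bot: The new case-insensitivity test does not show, within these lines, what `ldap_con.group_list` returns, so it is not evident that a lowercase GID is what ends up matching the 'IPAUSERS' group. If that stub lives in the file's setup (outside the visible section), a one-line comment in the test such as `# setup stubs group_list to return lowercase gids` would make the intent readable. A companion test with two external groups whose names differ only by case would also pin down which group `update_usergroups` refreshes, since the model picks a single row with `.last`.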
