Fixed issue #1795 - Forcing samaccountname as login attribute is not suitable and causes issues in divergent setups.

2018-02-02 16:19:40 +01:00 · 2018-02-02 16:19:40 +01:00 · c63e6e5be3
commit c63e6e5be3
parent fc6220600f
3 changed files with 62 additions and 20 deletions
--- a/app/assets/javascripts/app/controllers/_integration/ldap.coffee
+++ b/app/assets/javascripts/app/controllers/_integration/ldap.coffee
@ -358,7 +358,6 @@ class ConnectionWizard extends App.WizardModal
        # remember payload
        user_attributes = {}
        for key, value of App.User.attributesGet()
-          continue if key == 'login'
          if (value.tag is 'input' || value.tag is 'richtext' || value.tag is 'textarea')  && value.type isnt 'password'
            user_attributes[key] = value.display || key
        roles = {}
@ -394,6 +393,7 @@ class ConnectionWizard extends App.WizardModal
        givenname: 'firstname'
        sn: 'lastname'
        mail: 'email'
+        samaccountname: 'login'
        telephonenumber: 'phone'

    @userMappingForm.find('tbody tr.js-entry').remove()
@ -417,14 +417,23 @@ class ConnectionWizard extends App.WizardModal
    for key in ['source', 'dest']
      if !_.isArray(user_attributes[key])
        user_attributes[key] = [user_attributes[key]]
-    user_attributes_local =
-      'samaccountname': 'login'
+    user_attributes_local = {}
    length = user_attributes.source.length-1
    for count in [0..length]
      if user_attributes.source[count] && user_attributes.dest[count]
        user_attributes_local[user_attributes.source[count]] = user_attributes.dest[count]
+
+    requiredAttribute = Object.keys(user_attributes_local).some( (local_attribute) ->
+      return user_attributes_local[local_attribute] == 'login'
+    )
+
    @wizardConfig.user_attributes = user_attributes_local

+    if !requiredAttribute
+      @showSlide('js-mapping')
+      @showAlert('js-mapping', App.i18n.translatePlain("Attribute '%s' is required in the mapping", 'login'))
+      return
+
    # group role map
    group_role_map = @formParam(@groupRoleForm)
    for key in ['source', 'dest']
@ -448,17 +457,8 @@ class ConnectionWizard extends App.WizardModal

  buildRowsUserMap: (user_attribute_map) =>

-    # show static login row
-    userUidDisplayValue = @wizardConfig.wizardData.backend_user_attributes['samaccountname']
-
-    el = [
-      $(App.view('integration/ldap_user_attribute_row_read_only')(
-        key:   userUidDisplayValue,
-        value: 'Login'
-      ))
-    ]
+    el = []
    for source, dest of user_attribute_map
-      continue if source == 'samaccountname'
      continue if !(source of @wizardConfig.wizardData.backend_user_attributes)
      el.push @buildRowUserAttribute(source, dest)
    el
--- a/db/migrate/20180202000002_custom_ldap_login_attribute.rb
+++ b/db/migrate/20180202000002_custom_ldap_login_attribute.rb
@ -0,0 +1,48 @@
+class CustomLdapLoginAttribute < ActiveRecord::Migration[5.1]
+  def up
+
+    # return if it's a new setup
+    return if !Setting.find_by(name: 'system_init_done')
+    return if no_change_needed?
+
+    perform_changes
+  end
+
+  private
+
+  def perform_changes
+    delete_spared
+    update_config
+  end
+
+  def delete_spared
+    # remove samaccountname which is always wrong if there is more than
+    # one other login attribute since it's automatically added
+    ldap_config[:user_attributes].delete('samaccountname')
+
+    # this should not happen but remove any other duplicate that
+    # maps to login and keep the "first" in the list
+    # - which is more or less random
+    login_attributes.reject { |e| e == 'samaccountname' }.drop(1).each do |spared|
+      ldap_config[:user_attributes].delete(spared)
+    end
+  end
+
+  def update_config
+    Import::Ldap.config = ldap_config
+  end
+
+  def login_attributes
+    @login_attributes ||= ldap_config[:user_attributes].select { |_local, remote| remote == 'login' }.keys
+  end
+
+  def no_change_needed?
+    return true if ldap_config.blank?
+    return true if ldap_config[:user_attributes].blank?
+    ldap_config[:user_attributes].values.count('login') < 2
+  end
+
+  def ldap_config
+    @ldap_config ||= Import::Ldap.config
+  end
+end
--- a/lib/sequencer/unit/import/ldap/user/mapping.rb
+++ b/lib/sequencer/unit/import/ldap/user/mapping.rb
@ -9,13 +9,7 @@ class Sequencer
            private

            def mapping
-              ldap_config[:user_attributes].dup.tap do |config|
-                # fallback to samaccountname as login
-                # if no login is given via mapping
-                if !config.values.include?('login')
-                  config['samaccountname'] = 'login'
-                end
-              end
+              ldap_config[:user_attributes]
            end
          end
        end