Merge pull request #37 from jingwen-yang-yjw/supportMemberRangeRetrivalForAD

Support synchronize groups with over 1500 users in AD server
This commit is contained in:
Lars Kanis 2022-09-23 13:54:31 +02:00 committed by GitHub
commit 1eeeefd8df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 1 deletions

View File

@ -37,6 +37,9 @@ ldap_groups:
# lowercase name for use as PG role name
lowercase_name: false
# this attribute must reference to all member DN's of the given group
# If LDAP server is Active Directory, it's better to append ";range" to member_attribue;
# otherwise, it can't synchronize groups with over 1500 users for AD server.
# Example for AD server: "member;range"
member_attribute: member
# Connection parameters to PostgreSQL server

View File

@ -85,6 +85,40 @@ class Application
return users
end
def load_group_members_by_range(group_dn)
range_start = 0
all_group_members = []
while true do
member_size = 0
member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]}=#{range_start}-*"
returned_member_attribute_with_range = ""
log.debug " current attribute for range retrieval ----> #{member_attribute_with_range} "
res_entry = @ldap.search(
base: group_dn,
filter: Net::LDAP::Filter.eq('distinguishedName', group_dn),
attributes: member_attribute_with_range).first
res_entry.each do |attribute, values|
next if "#{attribute}" == "dn"
returned_member_attribute_with_range = "#{attribute}"
log.debug " returned attribute --------> #{returned_member_attribute_with_range}"
member_size = values.count
values.each do |value|
log.debug " -----> #{value}"
all_group_members << value
end
break
end
if returned_member_attribute_with_range == member_attribute_with_range
break
end
range_start = range_start + member_size
end
return all_group_members
end
def search_ldap_groups
ldap_group_conf = @config[:ldap_groups]
@ -107,7 +141,12 @@ class Application
end
names.each do |n|
groups << LdapRole.new(n, entry.dn, entry[ldap_group_conf[:member_attribute]])
member_attribute_sub_list = ldap_group_conf[:member_attribute].partition(";")
group_members = entry[member_attribute_sub_list[0]]
if group_members.count == 0 and member_attribute_sub_list[2] == "range"
group_members = load_group_members_by_range(entry.dn)
end
groups << LdapRole.new(n, entry.dn, group_members)
end
entry.each do |attribute, values|
log.debug " #{attribute}:"