Instead of adding a new config option, use range retrieval when member_attribute includes ;range

Jingwen Yang 2022-08-24 14:30:22 +08:00
parent d833228547
commit 917e716d38
3 changed files with 7 additions and 8 deletions


@ -37,9 +37,10 @@ ldap_groups:
# lowercase name for use as PG role name
lowercase_name: false
# this attribute must reference to all member DN's of the given group
# If LDAP server is Active Directory, it's better to append ";range" to member_attribue;
# otherwise, it can't synchronize groups with over 1500 users for AD server.
# Example for AD server: "member;range"
member_attribute: member
# must be true if group with over 1500 members for Active Directory server
need_member_range_retrieval: false
# Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
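Review bot: The added comment above `member_attribute` misspells the key as `member_attribue`; it should read `member_attribute` so that a search for the option name finds it. Because `need_member_range_retrieval` is removed here and from the schema, an existing config that still sets it alongside `member_attribute: member` would presumably stop using range retrieval, or fail validation, depending on how the schema validator treats unknown keys. The comment could say so, for example `# replaces the former need_member_range_retrieval option`. An upgrade note would also help operators whose role memberships depend on groups above the 1500-member limit.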


@ -46,9 +46,6 @@ mapping:
"member_attribute":
type: str
required: yes
"need_member_range_retrieval":
type: bool
required: no
"pg_connection":
type: any


@ -90,7 +90,7 @@ class Application
all_group_members = []
while true do
member_size = 0
member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]};range=#{range_start}-*"
member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]}=#{range_start}-*"
returned_member_attribute_with_range = ""
log.debug " current attribute for range retrieval ----> #{member_attribute_with_range} "
@ -141,8 +141,9 @@ class Application
end
names.each do |n|
group_members = entry[ldap_group_conf[:member_attribute]]
if group_members.count == 0 and ldap_group_conf[:need_member_range_retrieval]
member_attribute_sub_list = ldap_group_conf[:member_attribute].partition(";")
group_members = entry[member_attribute_sub_list[0]]
if group_members.count == 0 and member_attribute_sub_list[2] == "range"
group_members = load_group_members_by_range(entry.dn)
end
groups << LdapRole.new(n, entry.dn, group_members)
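Review bot: The check `member_attribute_sub_list[2] == "range"` in the second hunk is an exact, case-sensitive match, so a configured value such as `member;Range`, one with trailing whitespace, or one with a further option after `;range` silently skips range retrieval and the group reaches `LdapRole.new` with the empty member list. Since that list appears to drive role membership, a silent fallback is worth avoiding: destructure once with `base_attr, _, option = ldap_group_conf[:member_attribute].partition(";")`, compare with `option.strip.casecmp?("range")`, and log a warning when an unrecognised option is present. The first hunk builds the request attribute from `@config[:ldap_groups][:member_attribute]` plus `=#{range_start}-*`, which is only well-formed when the configured value ends in `;range`; a short comment stating that precondition would help the next reader. Both enclosing methods start and end outside the visible hunks.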