Revert "Instead of adding a new config option, use range retrieval when member_attribute includes ;range"

This reverts commit 917e716d38.
This commit is contained in:
Lars Kanis 2022-11-30 13:24:27 +01:00
parent ead4404c54
commit f83b32f8d9
3 changed files with 8 additions and 7 deletions

View File

@ -37,10 +37,9 @@ ldap_groups:
# lowercase name for use as PG role name # lowercase name for use as PG role name
lowercase_name: false lowercase_name: false
# this attribute must reference to all member DN's of the given group # this attribute must reference to all member DN's of the given group
# If LDAP server is Active Directory, it's better to append ";range" to member_attribue;
# otherwise, it can't synchronize groups with over 1500 users for AD server.
# Example for AD server: "member;range"
member_attribute: member member_attribute: member
# must be true if group with over 1500 members for Active Directory server
need_member_range_retrieval: false
# Connection parameters to PostgreSQL server # Connection parameters to PostgreSQL server
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method # see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method

View File

@ -46,6 +46,9 @@ mapping:
"member_attribute": "member_attribute":
type: str type: str
required: yes required: yes
"need_member_range_retrieval":
type: bool
required: no
"pg_connection": "pg_connection":
type: any type: any

View File

@ -90,7 +90,7 @@ class Application
all_group_members = [] all_group_members = []
while true do while true do
member_size = 0 member_size = 0
member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]}=#{range_start}-*" member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]};range=#{range_start}-*"
returned_member_attribute_with_range = "" returned_member_attribute_with_range = ""
log.debug " current attribute for range retrieval ----> #{member_attribute_with_range} " log.debug " current attribute for range retrieval ----> #{member_attribute_with_range} "
@ -141,9 +141,8 @@ class Application
end end
names.each do |n| names.each do |n|
member_attribute_sub_list = ldap_group_conf[:member_attribute].partition(";") group_members = entry[ldap_group_conf[:member_attribute]]
group_members = entry[member_attribute_sub_list[0]] if group_members.count == 0 and ldap_group_conf[:need_member_range_retrieval]
if group_members.count == 0 and member_attribute_sub_list[2] == "range"
group_members = load_group_members_by_range(entry.dn) group_members = load_group_members_by_range(entry.dn)
end end
groups << LdapRole.new(n, entry.dn, group_members) groups << LdapRole.new(n, entry.dn, group_members)