Revert "Instead of adding a new config option, use range retrieval when member_attribute includes ;range"
This reverts commit 917e716d384ee1bf088509a1a96a13c6d1c73982.
This commit is contained in:
parent
ead4404c54
commit
f83b32f8d9
@ -37,10 +37,9 @@ ldap_groups:
|
|||||||
# lowercase name for use as PG role name
|
# lowercase name for use as PG role name
|
||||||
lowercase_name: false
|
lowercase_name: false
|
||||||
# this attribute must reference to all member DN's of the given group
|
# this attribute must reference to all member DN's of the given group
|
||||||
# If LDAP server is Active Directory, it's better to append ";range" to member_attribue;
|
|
||||||
# otherwise, it can't synchronize groups with over 1500 users for AD server.
|
|
||||||
# Example for AD server: "member;range"
|
|
||||||
member_attribute: member
|
member_attribute: member
|
||||||
|
# must be true if group with over 1500 members for Active Directory server
|
||||||
|
need_member_range_retrieval: false
|
||||||
|
|
||||||
# Connection parameters to PostgreSQL server
|
# Connection parameters to PostgreSQL server
|
||||||
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
|
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
|
||||||
|
@ -46,6 +46,9 @@ mapping:
|
|||||||
"member_attribute":
|
"member_attribute":
|
||||||
type: str
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
|
"need_member_range_retrieval":
|
||||||
|
type: bool
|
||||||
|
required: no
|
||||||
|
|
||||||
"pg_connection":
|
"pg_connection":
|
||||||
type: any
|
type: any
|
||||||
|
@ -90,7 +90,7 @@ class Application
|
|||||||
all_group_members = []
|
all_group_members = []
|
||||||
while true do
|
while true do
|
||||||
member_size = 0
|
member_size = 0
|
||||||
member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]}=#{range_start}-*"
|
member_attribute_with_range = "#{@config[:ldap_groups][:member_attribute]};range=#{range_start}-*"
|
||||||
returned_member_attribute_with_range = ""
|
returned_member_attribute_with_range = ""
|
||||||
log.debug " current attribute for range retrieval ----> #{member_attribute_with_range} "
|
log.debug " current attribute for range retrieval ----> #{member_attribute_with_range} "
|
||||||
|
|
||||||
@ -141,9 +141,8 @@ class Application
|
|||||||
end
|
end
|
||||||
|
|
||||||
names.each do |n|
|
names.each do |n|
|
||||||
member_attribute_sub_list = ldap_group_conf[:member_attribute].partition(";")
|
group_members = entry[ldap_group_conf[:member_attribute]]
|
||||||
group_members = entry[member_attribute_sub_list[0]]
|
if group_members.count == 0 and ldap_group_conf[:need_member_range_retrieval]
|
||||||
if group_members.count == 0 and member_attribute_sub_list[2] == "range"
|
|
||||||
group_members = load_group_members_by_range(entry.dn)
|
group_members = load_group_members_by_range(entry.dn)
|
||||||
end
|
end
|
||||||
groups << LdapRole.new(n, entry.dn, group_members)
|
groups << LdapRole.new(n, entry.dn, group_members)
|
||||||
|
Reference in New Issue
Block a user