verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 57 Releases Wiki Activity

test(samba): refs #5770 Create, update, delete group and members

This commit is contained in:
Javier Segarra 2024-05-10 16:58:08 +02:00
parent 5501a6a0b5
commit 117f42ff96
2 changed files with 81 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
db/dump/fixtures.before.sql
View File

@ -3793,4 +3793,4 @@ INSERT INTO vn.workCenter (id, name, payrollCenterFk, counter, warehouseFk, stre
INSERT INTO account.sambaConfig (id,adDomain,adController,adUser,adPassword,verifyCert,userDn,groupDn) VALUES
(1,'verdnatura.es','192.168.56.102','Administrator','V3rdn4tur4$',0,'ou=VnUsers','ou=VnGroups');
(1,'verdnatura.es','192.168.56.101','Administrator','V3rdn4tur4$',0,'ou=VnUsers','ou=VnGroups');

127
modules/account/back/models/samba-config.js
View File

@ -2,7 +2,7 @@ const app = require('vn-loopback/server/server');
const ldap = require('../util/ldapjs-extra');
const {differences, toMap, printResults} = require('../util/helpers');
const execFile = require('child_process').execFile;
// const ROLE_PREFIX = 'VN_';
const ROLE_PREFIX = '$';
/**
* Summary of userAccountControl flags:
* https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
@ -172,7 +172,25 @@ module.exports = Self => {
await this.adClient.searchForeach(this.fullUsersDn, opts,
o => usersToSync.add(o.sAMAccountName));
},
deleteRole(role) {
return this.sambaTool('group', ['delete', role]);
},
addRole({description, name}) {
return this.sambaTool('group',
['add', `${ROLE_PREFIX}${name}`, `--groupou=${this.groupDn}`, `--description=${description}`]);
},
getRoleMembers(role) {
return this.getMembers(`(cn=${role})`, this.fullGroupsDn);
},
getMembers(filter = '', type = this.fullUsersDn) {
const options = {
scope: 'sub',
attributes: ['cn', 'member', 'member.cn']
};
if (filter !== '')
Object.assign(options, {filter});
return this.adClient.searchAll(type, options);
},
async syncRoles() {
await this.init();
let $ = app.models;
@ -184,49 +202,44 @@ module.exports = Self => {
// Prepare data
try {
// const filter = '(cn=VN_*)';
const scope = 'sub';
// const baseDN = 'cn=Users,dc=verdnatura,dc=es';
// const ldapMembersGroups = await this.adClient.searchAll(baseDN, {
// scope,
// attributes: ['cn', 'member'],
// filter
// });
const ldapMembersGroups = await this.getMembers();
// OBTENER ROLES
let roles = (await $.VnRole.find({
fields: ['id', 'name', 'description'],
order: 'modified DESC',
limit: 1
}));
let rolesName = roles.map(role => role.name);
limit: 2
})).reduce((map, role) => {
map.set(`${ROLE_PREFIX}${role.name}`, role);
return map;
}, new Map());
const rolesKeys = Array.from(roles.keys());
// OBTENER LDAPSJS ROLES
const ldapGroups = (await this.adClient.searchAll(baseDN, {
scope,
const ldapGroups = await this.adClient.searchAll(this.fullGroupsDn, {
scope: 'sub',
attributes: ['cn', 'description'],
}));/* , (err, res)=>{
res.on('searchEntry', entry=>{
console.log(entry)
})
res.on('error', entry=>{
console.log(entry)
})
res.on('end', entry=>{
console.log(entry)
})
})*/
});
// OBTENER SAMBA ROLES
let sambaCurrentRoles = ldapGroups.map(({cn}) => cn);
let sambaCurrentGroups = ldapGroups
.filter(group => Object.prototype.hasOwnProperty.call(group, 'cn'))
.reduce((map, group) => {
map.set(`${group.cn}`, group);
return map;
}, new Map());
const sambaRolesKeys = Array.from(sambaCurrentGroups.keys());// .map(({cn}) => cn);
// handleExecResponse(await this.sambaTool('group', ['list']))
// .filter(group => group.startsWith(ROLE_PREFIX));
// Encontrar elementos a eliminar
const rolesToDelete = differences(sambaCurrentRoles, rolesName);
const rolesToDelete = differences(sambaRolesKeys, rolesKeys);
// Encontrar elementos a insertar
const rolesToInsert = differences(roles, sambaCurrentRoles);
const rolesToInsert = differences(rolesKeys, sambaRolesKeys);
// Encontrar elementos a actualizar
const rolesToUpdate = differences(roles, [...rolesToDelete, ...rolesToInsert]);
const rolesToUpdate = differences(rolesKeys, [...rolesToDelete, ...rolesToInsert]);
// OBTENER USUARIOS Y SUS ROLES
if (
@ -249,7 +262,7 @@ module.exports = Self => {
console.info(`User ${user.name} has not valid role`);
return;
}
return {key: role.name, val: user.name};
return {key: `${ROLE_PREFIX}${role.name}`, val: user.name};
});
usersMap.set('group1', ['employee']);
if (rolesToDelete.length > 0) {
@ -269,7 +282,7 @@ module.exports = Self => {
// PROCEDIMIENTO PARA ELIMINAR ROLES
const resultsRoleDelete = await Promise.all(
rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))
rolesToDelete.map(this.deleteRole)
);
printResults(resultsRoleDelete);
}
@ -277,16 +290,12 @@ module.exports = Self => {
if (rolesToInsert.length > 0) {
// PROCEDIMIENTO PARA INSERTAR ROLES
const resultsRoleInsert = await Promise.all(
rolesToInsert.map(
({description, name}) =>
this.sambaTool('group',
['add', name, `--groupou=${this.groupDN}`, `--description="${description}"`]))
);
rolesToInsert.map(role => this.addRole(roles.get(role))));
printResults(resultsRoleInsert);
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role.name).map(
a => this.sambaTool('group', ['addmembers', role.name, a])
let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role).map(
a => this.sambaTool('group', ['addmembers', role, a])
)
);
const resultsUserGroup = await Promise.all(usersToGroup);
@ -298,21 +307,45 @@ module.exports = Self => {
// OBTENER LDAPSJS MIEMBROS ROLES
for await (const role of rolesToUpdate) {
const users = await this.sambaTool('group', ['listmembers', role]);
const usersToDelete = differences(users, usersMap.get(role));
promises.push(usersToDelete.map(user =>
this.sambaTool('group', ['removemembers', user.name])));
const usersToInsert = differences(usersMap.get(role), users);
promises.push(usersToInsert.map(user =>
this.sambaTool('group', ['addmembers', role.name, user.name])));
await Promise.all(promises);
let roleHasUpdated = false;
if (roles.get(role).$description != sambaCurrentGroups.get(role).description) {
await this.deleteRole(role);
await this.addRole(roles.get(role));
roleHasUpdated = true;
}
const users = usersMap.get(role);
const currentUsers = this.handleRoleMembers(await this.getRoleMembers(role));
if (!roleHasUpdated && currentUsers.length === 0 && users.length === 0) continue;
await this.handleUsersRole(role, currentUsers, users);
}
}
}
} catch (error) {
console.error(error);
}
},
handleRoleMembers(users) {
if (users.length === 0) return [];
let members = users[0]?.member;
if (!members) return [];
if (!Array.isArray(members))members = [members];
return members.map((member => member.match(/CN=(.*?),(.*)/)[1]));
},
async handleUsersRole(role, currentUsers, users) {
const forbiddenUsers = ['guest'];
users = users.filter(u => !u.includes(forbiddenUsers));
const usersToDelete = differences(currentUsers, users);
if (usersToDelete.length > 0) {
const results = await Promise.all(usersToDelete.map(user =>
this.sambaTool('group', ['removemembers', role, user])));
printResults(results);
}
const usersToInsert = differences(users, currentUsers);
if (usersToInsert.length > 0) {
const results = await Promise.all(usersToInsert.map(user =>
this.sambaTool('group', ['addmembers', role, user])));
printResults(results);
}
}
});