diff --git a/modules/account/back/models/samba-config.js b/modules/account/back/models/samba-config.js index d40474e10f..c5362fb7bf 100644 --- a/modules/account/back/models/samba-config.js +++ b/modules/account/back/models/samba-config.js @@ -1,9 +1,8 @@ const app = require('vn-loopback/server/server'); const ldap = require('../util/ldapjs-extra'); -const { differences, handleExecResponse, toMap } = require('../util/helpers'); -const { stdout } = require('process'); +const {differences, toMap, printResults} = require('../util/helpers'); const execFile = require('child_process').execFile; -const ROLE_PREFIX = 'VN_'; +// const ROLE_PREFIX = 'VN_'; /** * Summary of userAccountControl flags: * https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties @@ -25,6 +24,7 @@ module.exports = Self => { 'adUser', 'adPassword', 'userDn', + 'groupDn', 'verifyCert' ] }); @@ -47,6 +47,7 @@ module.exports = Self => { Object.assign(this, { adClient, fullUsersDn: `${this.userDn},${baseDn}`, + fullGroupsDn: `${this.groupDn},${baseDn}`, bindDn }); }, 
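Review bot: `fullGroupsDn` is built from `this.groupDn` without checking that the new field is set, so a config row saved before `groupDn` existed would produce a DN starting with `null,` or `undefined,`. A guard before the `Object.assign`, such as `if (!this.groupDn) throw new Error('groupDn is not configured');`, would fail early instead of searching or creating groups under a malformed base. The enclosing method starts outside the hunk, so validation elsewhere cannot be ruled out.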
@@ -182,28 +183,27 @@ module.exports = Self => { // Prepare data try { - const filter = '(cn=VN_*)' - const scope = 'sub' - const baseDN = 'cn=Users,dc=verdnatura,dc=es'; - const ldapMembersGroups = await this.adClient.searchAll(baseDN,{ - scope, - attributes: ['cn','member'], - filter - }); + // const filter = '(cn=VN_*)'; + const scope = 'sub'; + // const baseDN = 'cn=Users,dc=verdnatura,dc=es'; + // const ldapMembersGroups = await this.adClient.searchAll(baseDN, { + // scope, + // attributes: ['cn', 'member'], + // filter + // }); // OBTENER ROLES - let rolesBD = (await $.VnRole.find({ + let roles = (await $.VnRole.find({ fields: ['id', 'name', 'description'], order: 'modified DESC', limit: 1 })); - let roles = rolesBD.map(({id, name, description}) => ({vn:`${ROLE_PREFIX}${name}`, name, id, description})); - let rolesName = roles.map(role=>role.name) - //OBTENER LDAPSJS ROLES - const ldapGroups = (await this.adClient.searchAll(baseDN,{ + + let rolesName = roles.map(role => role.name); + // OBTENER LDAPSJS ROLES + const ldapGroups = (await this.adClient.searchAll(baseDN, { scope, attributes: ['cn', 'description'], - filter - }))/*, (err, res)=>{ + }));/* , (err, res)=>{ res.on('searchEntry', entry=>{ console.log(entry) }) @@ -215,7 +215,9 @@ module.exports = Self => { }) })*/ // OBTENER SAMBA ROLES - let sambaCurrentRoles = ldapGroups.map(({cn})=>cn);;// handleExecResponse(await this.sambaTool('group', ['list'])).filter(group => group.startsWith(ROLE_PREFIX)); + let sambaCurrentRoles = ldapGroups.map(({cn}) => cn); + // handleExecResponse(await this.sambaTool('group', ['list'])) + // .filter(group => group.startsWith(ROLE_PREFIX)); // Encontrar elementos a eliminar const rolesToDelete = differences(sambaCurrentRoles, rolesName); 
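Review bot: The declaration of `baseDN` is commented out in this hunk, yet `this.adClient.searchAll(baseDN, …)` still references it, so unless another `baseDN` is in scope outside the hunk the call throws a ReferenceError inside the `try`. The `filter` was dropped as well; with `scope: 'sub'` and no filter the search returns every entry under the base, and each `cn` that is not a role name lands in `rolesToDelete`, which the hunk at -262 now passes to `samba-tool group delete`. Search the configured groups container and restrict the result to groups, e.g. `this.adClient.searchAll(this.fullGroupsDn, {scope, attributes: ['cn', 'description'], filter: '(objectClass=group)'})`. The unchanged `limit: 1` on `VnRole.find` looks like leftover debugging and would make almost every existing group a deletion candidate; confirm it before merging.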
@@ -252,7 +254,7 @@ module.exports = Self => { usersMap.set('group1', ['employee']); if (rolesToDelete.length > 0) { // PROCEDIMIENTO PARA ELIMINAR USUARIOS ASOCIADOS AL ROL - let usersToDelete = rolesToDelete.flatMap(role => { + let usersToUngroup = rolesToDelete.flatMap(role => { const exist = usersMap.get(role); if (exist) { 
@@ -262,49 +264,47 @@ module.exports = Self => { } else return []; } ); - const resultsUserDelete = await Promise.all(usersToDelete); + const resultsUsersUngroup = await Promise.all(usersToUngroup); + printResults(resultsUsersUngroup); // PROCEDIMIENTO PARA ELIMINAR ROLES - //const resultsRoleDelete = await Promise.all( - // rolesToDelete.map(role => this.sambaTool('group', ['delete', role])) - // ); + const resultsRoleDelete = await Promise.all( + rolesToDelete.map(role => this.sambaTool('group', ['delete', role])) + ); + printResults(resultsRoleDelete); } if (rolesToInsert.length > 0) { // PROCEDIMIENTO PARA INSERTAR ROLES const resultsRoleInsert = await Promise.all( - rolesToInsert.map(({description,vn}) => this.sambaTool('group', ['add', vn, `--description="${description}"`])) + rolesToInsert.map( + ({description, name}) => + this.sambaTool('group', + ['add', name, `--groupou=${this.groupDN}`, `--description="${description}"`])) ); - resultsRoleInsert.forEach(({stdout}) => console.log(stdout)); - - // PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL - let usersToInsert = rolesToInsert.flatMap(({name: role} )=> usersMap.get(role).map( - a => this.sambaTool('user', ['add', a, - '--random-password', '--must-change-at-next-login']) - ) - ); - const resultsUserInsert = await Promise.all(usersToInsert); - resultsUserInsert.forEach(({stdout}) => console.log(stdout)); + printResults(resultsRoleInsert); // PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role.name).map( - a => this.sambaTool('group', ['addmembers', role.vn, a]) + a => this.sambaTool('group', ['addmembers', role.name, a]) ) ); const resultsUserGroup = await Promise.all(usersToGroup); - resultsUserGroup.forEach(({stdout}) => console.log(stdout)); + printResults(resultsUserGroup); } if (rolesToUpdate.length > 0) { let promises = []; - //OBTENER LDAPSJS MIEMBROS ROLES - + // OBTENER LDAPSJS MIEMBROS ROLES + for await (const role of 
rolesToUpdate) { const users = await this.sambaTool('group', ['listmembers', role]); const usersToDelete = differences(users, usersMap.get(role)); - promises.push(usersToDelete.map(user => this.sambaTool('group', ['removemembers', user.name]))); + promises.push(usersToDelete.map(user => + this.sambaTool('group', ['removemembers', user.name]))); const usersToInsert = differences(usersMap.get(role), users); - promises.push(usersToInsert.map(user => this.sambaTool('group', ['addmembers', user.name]))); + promises.push(usersToInsert.map(user => + this.sambaTool('group', ['addmembers', role.name, user.name]))); await Promise.all(promises); } diff --git a/modules/account/back/util/helpers.js b/modules/account/back/util/helpers.js index 8ed67b87dd..0e5ad9b9ca 100644 --- a/modules/account/back/util/helpers.js +++ b/modules/account/back/util/helpers.js @@ -1,12 +1,17 @@ -module.exports ={ +module.exports = { toMap, binarySearch, differences, + printResults, handleExecResponse }; function handleExecResponse({stdin, stdout}) { - return stdout.split("\n"); + return stdout.split('\n'); +} +function printResults(results) { + // eslint-disable-next-line no-console + results.forEach(({stdout}) => console.log(stdout)); } function toMap(array, fn) {
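Review bot: The `group add` call passes `--groupou=${this.groupDN}`, but the field this commit adds to the config is `groupDn`, so the option would expand to `--groupou=undefined`; it should read `this.groupDn`. In the `rolesToUpdate` loop, `removemembers` is still called without a group name, and the new `addmembers` call uses `role.name` although `role` is passed as a plain value to `listmembers` and `usersMap.get` just above. `promises.push(...)` also receives arrays of promises, so `Promise.all(promises)` resolves without waiting for the samba-tool calls and their rejections go unhandled; spreading the arrays fixes that. The enclosing function starts outside the hunk, and the shape of `user` cannot be confirmed from here, so `user.name` is left as written.

```javascript
// … unchanged: ungroup and delete steps …
const resultsRoleInsert = await Promise.all(
    rolesToInsert.map(
        ({description, name}) =>
            this.sambaTool('group',
                ['add', name, `--groupou=${this.groupDn}`, `--description="${description}"`]))
);
// … unchanged: printResults and addmembers for inserted roles …
for await (const role of rolesToUpdate) {
    // … unchanged: listmembers and the two differences() calls …
    promises.push(...usersToDelete.map(user =>
        this.sambaTool('group', ['removemembers', role, user.name])));
    promises.push(...usersToInsert.map(user =>
        this.sambaTool('group', ['addmembers', role, user.name])));
```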