WIP: #5770 - Sync Groups Samba #1946
|
@ -1,4 +1,4 @@
|
|||
|
||||
const app = require('vn-loopback/server/server');
|
||||
const ldap = require('../util/ldapjs-extra');
|
||||
const execFile = require('child_process').execFile;
|
||||
|
||||
|
@ -168,6 +168,85 @@ module.exports = Self => {
|
|||
};
|
||||
await this.adClient.searchForeach(this.fullUsersDn, opts,
|
||||
o => usersToSync.add(o.sAMAccountName));
|
||||
},
|
||||
|
||||
async syncRoles(role) {
|
||||
let $ = app.models;
|
||||
let {
|
||||
client,
|
||||
accountConfig
|
||||
} = this;
|
||||
|
||||
// Prepare data
|
||||
|
||||
let roles = await $.VnRole.find({
|
||||
fields: ['id', 'name', 'description'],
|
||||
where: {
|
||||
name: role
|
||||
}
|
||||
});
|
||||
let roleRoles = await $.RoleRole.find({
|
||||
fields: ['role', 'inheritsFrom']
|
||||
});
|
||||
let roleMap = toMap(roleRoles, e => {
|
||||
return {key: e.inheritsFrom, val: e.role};
|
||||
});
|
||||
|
||||
let accounts = await $.Account.find({
|
||||
fields: ['id'],
|
||||
include: {
|
||||
relation: 'user',
|
||||
scope: {
|
||||
fields: ['name', 'roleFk'],
|
||||
where: {active: true}
|
||||
}
|
||||
}
|
||||
});
|
||||
let accountMap = toMap(accounts, e => {
|
||||
let user = e.user();
|
||||
if (!user) return;
|
||||
return {key: user.roleFk, val: user.name};
|
||||
});
|
||||
|
||||
// Delete roles
|
||||
|
||||
let opts = {
|
||||
scope: 'sub',
|
||||
attributes: ['dn'],
|
||||
filter: 'objectClass=posixGroup'
|
||||
};
|
||||
let reqs = [];
|
||||
await client.searchForeach(this.groupDn, opts, object => {
|
||||
if (shouldSync)
|
||||
reqs.push(client.del(object.dn));
|
||||
});
|
||||
await Promise.all(reqs);
|
||||
|
||||
// Recreate roles
|
||||
|
||||
reqs = [];
|
||||
for (let role of roles) {
|
||||
let newEntry = {
|
||||
objectClass: ['top', 'posixGroup'],
|
||||
cn: role.name,
|
||||
description: role.description,
|
||||
gidNumber: accountConfig.idBase + role.id
|
||||
};
|
||||
|
||||
let memberUid = [];
|
||||
for (let subrole of roleMap.get(role.id) || [])
|
||||
memberUid = memberUid.concat(accountMap.get(subrole) || []);
|
||||
|
||||
if (memberUid.length) {
|
||||
memberUid.sort((a, b) => a.localeCompare(b));
|
||||
newEntry.memberUid = memberUid;
|
||||
}
|
||||
|
||||
let dn = `cn=${role.name},${this.groupDn}`;
|
||||
if (shouldSync)
|
||||
reqs.push(client.add(dn, newEntry));
|
||||
}
|
||||
await Promise.all(reqs);
|
||||
}
|
||||
});
|
||||
};
|
||||
|
|
|
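Review bot: The delete step in `syncRoles(role)` removes every `posixGroup` found under `this.groupDn`, while the recreate loop only covers the roles returned by `where: {name: role}`, so a single-role sync would leave all other groups and their `memberUid` lists deleted. Restrict the deletion to the groups being rebuilt, for example by requesting `attributes: ['dn', 'cn']` and skipping other entries with `if (role && object.cn !== role) return;` (assuming search results expose attributes as properties, as `o.sAMAccountName` does above). `shouldSync` is read in both the delete callback and the add loop but is not declared anywhere in this hunk, so unless it exists elsewhere in the file both paths throw a ReferenceError. The DN is assembled as `cn=${role.name},${this.groupDn}` without escaping, so a role name containing `,`, `+` or `=` would yield a different DN than intended; escape the RDN value per RFC 4514 before interpolating it. The enclosing `module.exports` body starts outside the hunk.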
@ -0,0 +1,61 @@
|
|||
const app = require('vn-loopback/server/server');
|
||||
const RoleControlFlags = {
|
||||
ACCOUNTDISABLE: 0x2
|
||||
};
|
||||
describe('Samba config', () => {
|
||||
// const employeeId = 1;
|
||||
// const developerId = 9;
|
||||
// const sysadminId = 66;
|
||||
// const itBossId = 104;
|
||||
// const rootId = 100;
|
||||
// const clarkKent = 1103;
|
||||
|
||||
const roles = {
|
||||
|
||||
itBoss: {id: 104, value: 'itBoss'}
|
||||
};
|
||||
|
||||
it('With role as argument', async() => {
|
||||
syncRole(roles.itBoss.value);
|
||||
});
|
||||
|
||||
it('No role as argument', async() => {
|
||||
|
||||
});
|
||||
});
|
||||
|
||||
async function syncRole(roleName, info) {
|
||||
let vnRoleArgs = {
|
||||
fields: ['id', 'name', 'description'],
|
||||
|
||||
};
|
||||
let role = null;
|
||||
let roles = [];
|
||||
if (roleName) {
|
||||
vnRoleArgs.where = {
|
||||
name: roleName
|
||||
};
|
||||
role = await $.VnRole.find(vnRoleArgs);
|
||||
} else roles = await $.VnRole.find(vnRoleArgs);
|
||||
let roleRoleArgs = {
|
||||
fields: ['role', 'inheritsFrom'],
|
||||
|
||||
};
|
||||
if (role) roleRoleArgs.where = {'role.id': roles[0].id};
|
||||
let roleRoles = await $.RoleRole.find(roleRoleArgs);
|
||||
let roleMap = toMap(roleRoles, e => {
|
||||
return {key: e.inheritsFrom, val: e.role};
|
||||
});
|
||||
|
||||
let currentGroupList = await this.sambaTool('group', ['list']);
|
||||
if (info.disableGroup || info.enableGroup) {
|
||||
if (currentGroupList.includes(roleName))
|
||||
await this.sambaTool('group', ['modify', roleName, `--is-visible=${info.enableGroup ? 'yes' : 'no'}`]);
|
||||
} else if (info.removeGroup)
|
||||
await this.sambaTool('group', ['delete']);
|
||||
|
||||
else if (info.recreateGroups) {
|
||||
for (const role of roleMap)
|
||||
await this.sambaTool('group', ['add', roleName, `--description=${role.description}`]);
|
||||
}
|
||||
}
|
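Review bot: `it('With role as argument')` calls `syncRole(roles.itBoss.value)` without `await`, without an `info` argument and without any expectation, so the spec passes even though `info.disableGroup` would throw inside a detached promise. It should read something like `await syncRole(roles.itBoss.value, {recreateGroups: true});` followed by an `expect` on the resulting group list. Inside `syncRole`, `$`, `toMap` and `this.sambaTool` are not defined in this new file, the single-role branch stores the query result in `role` but then reads `roles[0].id` from the still-empty array, and the `removeGroup` branch passes `['delete']` with no group name. `roleName` and `role.description` are forwarded as arguments to the samba tool; how `sambaTool` runs them is not visible here, but a value beginning with `-` would likely be parsed as an option, so validate role names against an allowed pattern before the call.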