WIP: #5770 - Sync Groups Samba #1946
|
|
@ -1,9 +1,8 @@
|
|||
const app = require('vn-loopback/server/server');
|
||||
const ldap = require('../util/ldapjs-extra');
|
||||
const { differences, handleExecResponse, toMap } = require('../util/helpers');
|
||||
const { stdout } = require('process');
|
||||
const {differences, toMap, printResults} = require('../util/helpers');
|
||||
const execFile = require('child_process').execFile;
|
||||
const ROLE_PREFIX = 'VN_';
|
||||
// const ROLE_PREFIX = 'VN_';
|
||||
/**
|
||||
* Summary of userAccountControl flags:
|
||||
* https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
|
||||
|
|
@ -25,6 +24,7 @@ module.exports = Self => {
|
|||
'adUser',
|
||||
'adPassword',
|
||||
'userDn',
|
||||
'groupDn',
|
||||
'verifyCert'
|
||||
]
|
||||
});
|
||||
|
|
@ -47,6 +47,7 @@ module.exports = Self => {
|
|||
Object.assign(this, {
|
||||
adClient,
|
||||
fullUsersDn: `${this.userDn},${baseDn}`,
|
||||
fullGroupsDn: `${this.groupDn},${baseDn}`,
|
||||
bindDn
|
||||
});
|
||||
},
|
||||
|
|
@ -182,28 +183,27 @@ module.exports = Self => {
|
|||
|
||||
// Prepare data
|
||||
try {
|
||||
const filter = '(cn=VN_*)'
|
||||
const scope = 'sub'
|
||||
const baseDN = 'cn=Users,dc=verdnatura,dc=es';
|
||||
const ldapMembersGroups = await this.adClient.searchAll(baseDN,{
|
||||
scope,
|
||||
attributes: ['cn','member'],
|
||||
filter
|
||||
});
|
||||
// const filter = '(cn=VN_*)';
|
||||
const scope = 'sub';
|
||||
// const baseDN = 'cn=Users,dc=verdnatura,dc=es';
|
||||
// const ldapMembersGroups = await this.adClient.searchAll(baseDN, {
|
||||
// scope,
|
||||
// attributes: ['cn', 'member'],
|
||||
// filter
|
||||
// });
|
||||
// OBTENER ROLES
|
||||
let rolesBD = (await $.VnRole.find({
|
||||
let roles = (await $.VnRole.find({
|
||||
fields: ['id', 'name', 'description'],
|
||||
order: 'modified DESC',
|
||||
limit: 1
|
||||
}));
|
||||
let roles = rolesBD.map(({id, name, description}) => ({vn:`${ROLE_PREFIX}${name}`, name, id, description}));
|
||||
let rolesName = roles.map(role=>role.name)
|
||||
//OBTENER LDAPSJS ROLES
|
||||
const ldapGroups = (await this.adClient.searchAll(baseDN,{
|
||||
|
||||
let rolesName = roles.map(role => role.name);
|
||||
// OBTENER LDAPSJS ROLES
|
||||
const ldapGroups = (await this.adClient.searchAll(baseDN, {
|
||||
scope,
|
||||
attributes: ['cn', 'description'],
|
||||
filter
|
||||
}))/*, (err, res)=>{
|
||||
}));/* , (err, res)=>{
|
||||
res.on('searchEntry', entry=>{
|
||||
console.log(entry)
|
||||
})
|
||||
|
|
@ -215,7 +215,9 @@ module.exports = Self => {
|
|||
})
|
||||
})*/
|
||||
// OBTENER SAMBA ROLES
|
||||
let sambaCurrentRoles = ldapGroups.map(({cn})=>cn);;// handleExecResponse(await this.sambaTool('group', ['list'])).filter(group => group.startsWith(ROLE_PREFIX));
|
||||
let sambaCurrentRoles = ldapGroups.map(({cn}) => cn);
|
||||
// handleExecResponse(await this.sambaTool('group', ['list']))
|
||||
// .filter(group => group.startsWith(ROLE_PREFIX));
|
||||
|
||||
// Encontrar elementos a eliminar
|
||||
const rolesToDelete = differences(sambaCurrentRoles, rolesName);
|
||||
|
|
@ -252,7 +254,7 @@ module.exports = Self => {
|
|||
usersMap.set('group1', ['employee']);
|
||||
if (rolesToDelete.length > 0) {
|
||||
// PROCEDIMIENTO PARA ELIMINAR USUARIOS ASOCIADOS AL ROL
|
||||
let usersToDelete = rolesToDelete.flatMap(role => {
|
||||
let usersToUngroup = rolesToDelete.flatMap(role => {
|
||||
const exist = usersMap.get(role);
|
||||
|
||||
if (exist) {
|
||||
|
|
@ -262,49 +264,47 @@ module.exports = Self => {
|
|||
} else return [];
|
||||
}
|
||||
);
|
||||
const resultsUserDelete = await Promise.all(usersToDelete);
|
||||
const resultsUsersUngroup = await Promise.all(usersToUngroup);
|
||||
printResults(resultsUsersUngroup);
|
||||
|
||||
// PROCEDIMIENTO PARA ELIMINAR ROLES
|
||||
//const resultsRoleDelete = await Promise.all(
|
||||
// rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))
|
||||
// );
|
||||
const resultsRoleDelete = await Promise.all(
|
||||
rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))
|
||||
);
|
||||
printResults(resultsRoleDelete);
|
||||
}
|
||||
|
||||
if (rolesToInsert.length > 0) {
|
||||
// PROCEDIMIENTO PARA INSERTAR ROLES
|
||||
const resultsRoleInsert = await Promise.all(
|
||||
rolesToInsert.map(({description,vn}) => this.sambaTool('group', ['add', vn, `--description="${description}"`]))
|
||||
rolesToInsert.map(
|
||||
({description, name}) =>
|
||||
this.sambaTool('group',
|
||||
['add', name, `--groupou=${this.groupDN}`, `--description="${description}"`]))
|
||||
);
|
||||
resultsRoleInsert.forEach(({stdout}) => console.log(stdout));
|
||||
|
||||
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
|
||||
let usersToInsert = rolesToInsert.flatMap(({name: role} )=> usersMap.get(role).map(
|
||||
a => this.sambaTool('user', ['add', a,
|
||||
'--random-password', '--must-change-at-next-login'])
|
||||
)
|
||||
);
|
||||
const resultsUserInsert = await Promise.all(usersToInsert);
|
||||
resultsUserInsert.forEach(({stdout}) => console.log(stdout));
|
||||
printResults(resultsRoleInsert);
|
||||
|
||||
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
|
||||
let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role.name).map(
|
||||
a => this.sambaTool('group', ['addmembers', role.vn, a])
|
||||
a => this.sambaTool('group', ['addmembers', role.name, a])
|
||||
)
|
||||
);
|
||||
const resultsUserGroup = await Promise.all(usersToGroup);
|
||||
resultsUserGroup.forEach(({stdout}) => console.log(stdout));
|
||||
printResults(resultsUserGroup);
|
||||
}
|
||||
|
||||
if (rolesToUpdate.length > 0) {
|
||||
let promises = [];
|
||||
//OBTENER LDAPSJS MIEMBROS ROLES
|
||||
|
||||
// OBTENER LDAPSJS MIEMBROS ROLES
|
||||
|
||||
for await (const role of rolesToUpdate) {
|
||||
const users = await this.sambaTool('group', ['listmembers', role]);
|
||||
const usersToDelete = differences(users, usersMap.get(role));
|
||||
promises.push(usersToDelete.map(user => this.sambaTool('group', ['removemembers', user.name])));
|
||||
promises.push(usersToDelete.map(user =>
|
||||
this.sambaTool('group', ['removemembers', user.name])));
|
||||
const usersToInsert = differences(usersMap.get(role), users);
|
||||
promises.push(usersToInsert.map(user => this.sambaTool('group', ['addmembers', user.name])));
|
||||
promises.push(usersToInsert.map(user =>
|
||||
this.sambaTool('group', ['addmembers', role.name, user.name])));
|
||||
|
||||
await Promise.all(promises);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,12 +1,17 @@
|
|||
module.exports ={
|
||||
module.exports = {
|
||||
toMap,
|
||||
binarySearch,
|
||||
differences,
|
||||
printResults,
|
||||
handleExecResponse
|
||||
};
|
||||
|
||||
function handleExecResponse({stdin, stdout}) {
|
||||
return stdout.split("\n");
|
||||
return stdout.split('\n');
|
||||
}
|
||||
function printResults(results) {
|
||||
// eslint-disable-next-line no-console
|
||||
results.forEach(({stdout}) => console.log(stdout));
|
||||
}
|
||||
|
||||
function toMap(array, fn) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue