Commit 157bb262 authored by Jim Brandt's avatar Jim Brandt

Add regex match option for LDAP group members.

Added a feature to allow you to use a regex to match an LDAP member
field. But upon further review, I don't think it would ever be
needed unless someone's LDAP was really mis-configured. So this
commit is for posterity only.
(cherry picked from commit f5b2b5c7d0a02577f36782bebfdc5ff2082f9951)

Adding back docs for this feature so they fit with the docs
branch this was pulled from.
parent 8c4e83f2
......@@ -18,11 +18,27 @@ use Data::Dumper;
RT::Extension::LDAPImport - Import Users from an LDAP store
=head1 SYNOPSIS
use RT::Extension::LDAPImport;
=head1 CONFIGURATION
If the LDAP group field you are mapping to doesn't have a
simple username, you provide a regex to pull the name out
with Member_Attr_Regex. The capture value in the regex will be
used to find the username.
Set($LDAPGroupMapping, {Name => 'cn',
Member_Attr => 'member',
Member_Attr_Value => 'dn'
Member_Attr_Regex => qr/^cn=(\w+)\,/,
});
The above would pull the name out of an entry something like
cn=somename,ou=company
=head1 METHODS
=head2 connect_ldap
......@@ -865,6 +881,13 @@ sub _get_group_members_from_ldap {
my $mapping = $RT::LDAPGroupMapping;
my $members = $ldap_entry->get_value($mapping->{Member_Attr}, asref => 1);
if ( exists $mapping->{Member_Attr_Regex}
and defined $mapping->{Member_Attr_Regex} ) {
@{$members} = map{ /$mapping->{Member_Attr_Regex}/ } @{$members};
}
return $members;
}
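Review bot: In `_get_group_members_from_ldap`, the `map{ /$mapping->{Member_Attr_Regex}/ }` line silently drops every member value the pattern does not match, and a pattern with no capture group turns each matching value into the literal `1`, so an imperfect regex changes who lands in the imported group without leaving any trace in the log. Because imported group membership presumably feeds RT permissions, I would take only the first capture and log each skipped value, e.g. `my ($name) = $_ =~ $mapping->{Member_Attr_Regex};` followed by a warning and an empty list when `$name` is undefined. The function starts above this hunk, so whether `$members` can be undef when the attribute is absent is not visible here and is worth checking before the dereference. Separately, the POD example in the first hunk lacks a comma after `Member_Attr_Value => 'dn'`, so it will not compile if pasted into a site config.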
......
use strict;
use warnings;
use lib 't/lib';
use RT::Extension::LDAPImport::Test tests => 66;
use RT::Extension::LDAPImport::Test tests => 74;
eval { require Net::LDAP::Server::Test; 1; } or do {
plan skip_all => 'Unable to test without Net::Server::LDAP::Test';
};
......@@ -99,6 +99,39 @@ RT->Config->Set('LDAPGroupMapping',
});
import_group_members_ok( memberUid => 'uid' );
# Test a regex on Member_Attr
# This is for a case where the member attribute
# isn't the simple member name.
@ldap_group_entries = ();
{
my $groupname = "Test Group 5";
my $dn = "cn=$groupname,ou=groups,dc=bestpractical,dc=com";
my $entry = {
cn => $groupname,
members => [ map { $_->{dn} } @ldap_user_entries[3,7,11] ],
# Make an entries that looks like cn=testuser12,ou=foo,dc=bestpractical
memberUid => [ map { 'cn=' . $_->{uid} . ',ou=foo,dc=bestpractical' }
@ldap_user_entries[3,7,11] ],
objectClass => 'Test5',
};
$ldap->add( $dn, attr => [%$entry] );
# Fix entry for expected value after regex.
$entry->{memberUid} = [ map { $_->{uid} } @ldap_user_entries[3,7,11] ];
push @ldap_group_entries, $entry;
}
RT->Config->Set('LDAPGroupFilter','(objectClass=Test5)');
RT->Config->Set('LDAPGroupMapping',
{Name => 'cn',
Member_Attr => 'memberUid',
Member_Attr_Value => 'uid',
Member_Attr_Regex => qr/^cn=(\w+)\,/,
});
import_group_members_ok( memberUid => 'uid' );
sub import_group_members_ok {
my $attr = shift;
my $user_attr = shift;
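Review bot: The new "Test Group 5" case only covers member values that all match `Member_Attr_Regex`, so the behaviour for a value the pattern rejects is left unpinned. Adding one `memberUid` entry that does not start with `cn=` (a bare uid, for instance) and asserting that the import neither dies nor adds an unexpected member would document what the importer is meant to do with it. `import_group_members_ok` continues past the end of this section, so how it compares expected and imported members is not visible here.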
......