operasoftware
diff --git a/‎config/config-sample.ini‎
Lines changed: 3 additions & 0 deletions b/‎config/config-sample.ini‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎model/user.php‎
Lines changed: 29 additions & 2 deletions b/‎model/user.php‎
Lines changed: 29 additions & 2 deletions
diff --git a/‎scripts/ldap_update.php‎
Lines changed: 0 additions & 14 deletions b/‎scripts/ldap_update.php‎
Lines changed: 0 additions & 14 deletions
@@ -138,6 +138,9 @@ group_member_value = uid
 ; interface
 admin_group_cn = ska-administrators
 
+; Other LDAP groups that should have their memberships synced
+;sync_groups[] = ldap_group_name
+
 [inventory]
 ; SSH Key Authority will read the contents of the file /etc/uuid (if it
 ; exists) when syncing with a server. If a value is found, it can be used as a
 
@@ -298,7 +298,7 @@ public function check_csrf_token($token) {
 * @throws UserNotFoundException if the user is not found in LDAP
 */
 public function get_details_from_ldap() {
-global $config;
+global $config, $group_dir;
 $attributes = array();
 $attributes[] = 'dn';
 $attributes[] = $config['ldap']['user_id'];
@@ -327,8 +327,35 @@ public function get_details_from_ldap() {
 $this->admin = 0;
 $group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
 $ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
+$memberships = array();
 foreach($ldapgroups as $ldapgroup) {
-if($ldapgroup['cn'] == $config['ldap']['admin_group_cn']) $this->admin = 1;
+$memberships[$ldapgroup['cn']] = true;
+}
+if(isset($config['ldap']['sync_groups']) && is_array($config['ldap']['sync_groups'])) {
+$syncgroups = $config['ldap']['sync_groups'];
+} else {
+$syncgroups = array();
+}
+$syncgroups[] = $config['ldap']['admin_group_cn'];
+foreach($syncgroups as $syncgroup) {
+try {
+$group = $group_dir->get_group_by_name($syncgroup);
+} catch(GroupNotFoundException $e) {
+$group = new Group;
+$group->name = $syncgroup;
+$group->system = 1;
+$group_dir->add_group($group);
+}
+if(isset($memberships[$syncgroup])) {
+if($syncgroup == $config['ldap']['admin_group_cn']) $this->admin = 1;
+if(!$this->member_of($group)) {
+$group->add_member($this);
+}
+} else {
+if($this->member_of($group)) {
+$group->delete_member($this);
+}
+}
 }
 } else {
 throw new UserNotFoundException('User does not exist.');
 
@@ -35,14 +35,6 @@
 $user_dir->add_user($active_user);
 }
 
-try {
-$sysgrp = $group_dir->get_group_by_name($config['ldap']['admin_group_cn']);
-} catch(GroupNotFoundException $e) {
-$sysgrp = new Group;
-$sysgrp->name = $config['ldap']['admin_group_cn'];
-$sysgrp->system = 1;
-$group_dir->add_group($sysgrp);
-}
 foreach($users as $user) {
 if($user->auth_realm == 'LDAP') {
 $active = $user->active;
@@ -88,12 +80,6 @@
 }
 }
 }
-if($user->admin && $user->active && !$user->member_of($sysgrp)) {
-$sysgrp->add_member($user);
-}
-if(!($user->admin && $user->active) && $user->member_of($sysgrp)) {
-$sysgrp->delete_member($user);
-}
 $user->update();
 }
 }
Original file line number	Diff line number	Diff line change
`@@ -35,14 +35,6 @@`
`35`	`35`	`$user_dir->add_user($active_user);`
`36`	`36`	`}`
`37`	`37`
`38`		`-try {`
`39`		`-$sysgrp = $group_dir->get_group_by_name($config['ldap']['admin_group_cn']);`
`40`		`-} catch(GroupNotFoundException $e) {`
`41`		`-$sysgrp = new Group;`
`42`		`-$sysgrp->name = $config['ldap']['admin_group_cn'];`
`43`		`-$sysgrp->system = 1;`
`44`		`-$group_dir->add_group($sysgrp);`
`45`		`-}`
`46`	`38`	`foreach($users as $user) {`
`47`	`39`	`if($user->auth_realm == 'LDAP') {`
`48`	`40`	`$active = $user->active;`
`@@ -88,12 +80,6 @@`
`88`	`80`	`}`
`89`	`81`	`}`
`90`	`82`	`}`
`91`		`-if($user->admin && $user->active && !$user->member_of($sysgrp)) {`
`92`		`-$sysgrp->add_member($user);`
`93`		`-}`
`94`		`-if(!($user->admin && $user->active) && $user->member_of($sysgrp)) {`
`95`		`-$sysgrp->delete_member($user);`
`96`		`-}`
`97`	`83`	`$user->update();`
`98`	`84`	`}`
`99`	`85`	`}`