forked from gitea/gitea
1
0
Fork 0

Fix accidental overwriting of LDAP team memberships (#24050) (#24065)

Backport #24050 by @sillyguodong

In the `for` loop, the value of `membershipsToAdd[org]` and
`membershipsToRemove[org]` is a slice that should be appended instead of
overwritten.
Due to the current overwrite, the LDAP group sync only matches the last
group at the moment.

## Example reproduction
- an LDAP user is both a member of
`cn=admin_staff,ou=people,dc=planetexpress,dc=com` and
`cn=ship_crew,ou=people,dc=planetexpress,dc=com`.
- configuration of `Map LDAP groups to Organization teams ` in
`Authentication Sources`:
```json
{
    "cn=admin_staff,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "admin_staff",
            "test_add"
        ]
    },
    "cn=ship_crew,ou=people,dc=planetexpress,dc=com":{
        "test_organization":[
            "ship_crew"
        ]
}
```
- start `Synchronize external user data` task in the `Dashboard`.
- the user was only added for the team `test_organization.ship_crew`

Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
This commit is contained in:
Giteabot 2023-04-12 07:22:02 -04:00 committed by GitHub
parent 29724f31c5
commit 37d3e0ec33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -52,11 +52,11 @@ func resolveMappedMemberships(sourceUserGroups container.Set[string], sourceGrou
isUserInGroup := sourceUserGroups.Contains(group) isUserInGroup := sourceUserGroups.Contains(group)
if isUserInGroup { if isUserInGroup {
for org, teams := range memberships { for org, teams := range memberships {
membershipsToAdd[org] = teams membershipsToAdd[org] = append(membershipsToAdd[org], teams...)
} }
} else { } else {
for org, teams := range memberships { for org, teams := range memberships {
membershipsToRemove[org] = teams membershipsToRemove[org] = append(membershipsToRemove[org], teams...)
} }
} }
} }