Skynet/ldap_backend
6
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat: added override to ensure that admins have user perms

Browse source
This commit is contained in:
silver 2023-06-18 17:45:33 +01:00
parent dc7139a86f
commit ff282e823b
1 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
src/bin/update_groups.rs
View file

@ -39,12 +39,13 @@ fn uid_to_dn(uid: &str) -> String{
async fn update_admin(config: &Config) -> tide::Result<()>{
let users = vec!["silver", "evanc", "eoghanconlon73"];
update_group(config,"skynet-admins", &users).await?;
update_group(config,"skynet-admins", &users, true).await?;
// admins automatically get added as users
update_group(config,"skynet-users", &users, false).await?;
Ok(())
}
async fn update_group(config: &Config, group: &str, users: &Vec<&str>) -> tide::Result<()>{
async fn update_group(config: &Config, group: &str, users: &Vec<&str>, replace: bool) -> tide::Result<()>{
let mut ldap = LdapConn::new(&config.ldap_host)?;
// use the admin account
@ -52,13 +53,26 @@ async fn update_group(config: &Config, group: &str, users: &Vec<&str>) -> tide::
let dn_skynet_admins = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
let skynet_admins = users.clone().into_iter().map(|uid| uid_to_dn(uid)).collect();
let mods = vec![Mod::Replace("member".to_string(), skynet_admins)];
ldap.modify(&dn_skynet_admins, mods)?.success()?;
let mods = if replace {
vec![Mod::Replace("member".to_string(), skynet_admins)]
} else {
vec![Mod::Add("member".to_string(), skynet_admins)]
};
if let Err(x) = ldap.modify(&dn_skynet_admins, mods) {
println!("{:?}", x);
}
let dn_skynet_admins_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
let skynet_admins_linux = users.clone().into_iter().map(|uid| uid.to_string()).collect();
let mods = vec![Mod::Replace("memberUid".to_string(), skynet_admins_linux)];
ldap.modify(&dn_skynet_admins_linux, mods)?.success()?;
let mods = if replace {
vec![Mod::Replace("memberUid".to_string(), skynet_admins_linux)]
} else {
vec![Mod::Add("memberUid".to_string(), skynet_admins_linux)]
};
if let Err(x) = ldap.modify(&dn_skynet_admins_linux, mods){
println!("{:?}", x);
};
ldap.unbind()?;