From ff282e823b3d579699738db42797d285bf4e371f Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sun, 18 Jun 2023 17:45:33 +0100
Subject: [PATCH] feat: added override to ensure that admins have user perms
---
 src/bin/update_groups.rs | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/bin/update_groups.rs b/src/bin/update_groups.rs
index a57b4b8..c5ed86d 100644
--- a/src/bin/update_groups.rs
+++ b/src/bin/update_groups.rs
@@ -39,12 +39,13 @@ fn uid_to_dn(uid: &str) -> String{
 async fn update_admin(config: &Config) -> tide::Result<()>{
 let users = vec!["silver", "evanc", "eoghanconlon73"];
- update_group(config,"skynet-admins", &users).await?;
-
+ update_group(config,"skynet-admins", &users, true).await?;
+ // admins automatically get added as users
+ update_group(config,"skynet-users", &users, false).await?;
 Ok(())
 }
-async fn update_group(config: &Config, group: &str, users: &Vec<&str>) -> tide::Result<()>{
+async fn update_group(config: &Config, group: &str, users: &Vec<&str>, replace: bool) -> tide::Result<()>{
 let mut ldap = LdapConn::new(&config.ldap_host)?;
 // use the admin account
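Review bot: The new `replace: bool` argument makes the two calls in `update_admin` hard to tell apart: `true` overwrites a group's whole membership and `false` only adds to it, so a mistaken `true` on the `skynet-users` call would reduce that group to the three admins. A two-variant enum would make the call sites self-describing, e.g. `enum MemberUpdate { Replace, Add }` with `update_group(config, "skynet-users", &users, MemberUpdate::Add)`. If the bool stays, a doc comment on `update_group` such as `/// replace = true overwrites the group's members; false only adds the given users` would help. The body of `update_group` continues outside this hunk.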
@@ -52,13 +53,26 @@ async fn update_group(config: &Config, group: &str, users: &Vec<&str>) -> tide::
 let dn_skynet_admins = format!("cn={},ou=groups,dc=skynet,dc=ie", group);
 let skynet_admins = users.clone().into_iter().map(|uid| uid_to_dn(uid)).collect();
- let mods = vec![Mod::Replace("member".to_string(), skynet_admins)];
- ldap.modify(&dn_skynet_admins, mods)?.success()?;
+ let mods = if replace {
+ vec![Mod::Replace("member".to_string(), skynet_admins)]
+ } else {
+ vec![Mod::Add("member".to_string(), skynet_admins)]
+ };
+
+ if let Err(x) = ldap.modify(&dn_skynet_admins, mods) {
+ println!("{:?}", x);
+ }
 let dn_skynet_admins_linux = format!("cn={}-linux,ou=groups,dc=skynet,dc=ie", group);
 let skynet_admins_linux = users.clone().into_iter().map(|uid| uid.to_string()).collect();
- let mods = vec![Mod::Replace("memberUid".to_string(), skynet_admins_linux)];
- ldap.modify(&dn_skynet_admins_linux, mods)?.success()?;
+ let mods = if replace {
+ vec![Mod::Replace("memberUid".to_string(), skynet_admins_linux)]
+ } else {
+ vec![Mod::Add("memberUid".to_string(), skynet_admins_linux)]
+ };
+ if let Err(x) = ldap.modify(&dn_skynet_admins_linux, mods){
+ println!("{:?}", x);
+ };
 ldap.unbind()?;
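Review bot: Both `ldap.modify(...)` calls lost `?.success()?`, so a modify the server rejects is no longer treated as a failure: assuming this is the ldap3 crate, the `Err` arm only covers transport errors and the result code is only checked by `.success()`, so a refused request is neither printed nor returned. That also affects the `replace == true` path used for `skynet-admins`, where a failed replace leaves a removed admin in the group while the run reports `Ok(())`. I would keep `ldap.modify(&dn_skynet_admins, mods)?.success()?;` (and the `-linux` equivalent) when `replace` is true. For the add path, servers typically reject the whole request with attributeOrValueExists when any value is already present, so a newly listed admin may never reach `skynet-users`; sending one `Mod::Add` per member and tolerating only that result code would avoid this. The function body starts and ends outside this hunk.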