fix(ldap): sync user teams when needed [EE-4802] (#8235)

2 years ago · 1c180346e4
parent 1d5d1bb12d
commit 1c180346e4
1 changed files with 8 additions and 3 deletions
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@ -127,9 +127,9 @@ func (handler *Handler) authenticateLDAP(w http.ResponseWriter, user *portainer.
 		}
 	}

-	err = handler.addUserIntoTeams(user, ldapSettings)
+	err = handler.syncUserTeamsWithLDAPGroups(user, ldapSettings)
 	if err != nil {
-		log.Warn().Err(err).Msg("unable to automatically add user into teams")
+		log.Warn().Err(err).Msg("unable to automatically sync user teams with ldap")
 	}

 	return handler.writeToken(w, user, false)
@ -150,7 +150,12 @@ func (handler *Handler) persistAndWriteToken(w http.ResponseWriter, tokenData *p
 	return response.JSON(w, &authenticateResponse{JWT: token})
 }

-func (handler *Handler) addUserIntoTeams(user *portainer.User, settings *portainer.LDAPSettings) error {
+func (handler *Handler) syncUserTeamsWithLDAPGroups(user *portainer.User, settings *portainer.LDAPSettings) error {
+	// only sync if there is a group base DN
+	if len(settings.GroupSearchSettings) == 0 || len(settings.GroupSearchSettings[0].GroupBaseDN) == 0 {
+		return nil
+	}
+
 	teams, err := handler.DataStore.Team().Teams()
 	if err != nil {
 		return err