Try to better handle LDAP Manager settings that don't line up with what we expect

Brady Wetherington 2022-10-19 18:36:16 -07:00
parent 23e613f903
commit 8fb61cf5f8


@ -218,10 +218,24 @@ class LdapSync extends Command
if($item['manager'] != null) {
// Get the LDAP Manager
$ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
try {
$ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter')); // *THIS* call might be messing us up, somehow? Like, maybe breaking pagination or something?
} catch (\Exception $e) {
\Log::warn("Manager lookup caused an exception: ".$e->getMessage().". Falling back to direct username lookup");
// Hail-mary for Okta manager 'shortnames' - will only work if
// Okta configuration is using full email-address-style usernames
$ldap_manager = [
"count" => 1,
0 => [
$ldap_result_username => [$item['manager']]
]
];
}
if($ldap_manager["count"] > 0) {
// Get the Managers username
if ($ldap_manager["count"] > 0) {
// Get the Manager's username
// PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
$ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
// Get User from Manager username.
@ -233,7 +247,6 @@ class LdapSync extends Command
}
}
}
// Sync activated state for Active Directory.
if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set....
// ....then *most* things that are truthy will activate the user. Anything falsey will deactivate them.
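Review bot: The `catch (\Exception $e)` fallback in the first hunk turns any failure of `Ldap::findLdapUsers()` (an unexpected manager format, but presumably also a dropped connection or a failed bind) into a fabricated one-entry result built from the raw `$item['manager']` value, which the following lines then use to look up the manager's user record. I would take the fallback only when the value plausibly is an email-style username, e.g. `if (filter_var($item['manager'], FILTER_VALIDATE_EMAIL)) { ... } else { $ldap_manager = ["count" => 0]; }`, so that a DN or other arbitrary directory string is never matched against local usernames and a genuine LDAP error is not silently papered over. Separately, the PSR-3 method name is `warning`; whether `\Log::warn(...)` resolves depends on the Monolog version behind the facade, so `\Log::warning(...)` is the safer call inside a catch block, where a second error would abort the whole sync. The enclosing loop and the user lookup that consumes `$ldapManagerUsername` continue outside the visible hunk.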