fix: Rooms, teams and roles LDAP syncs are not triggered on login (#32445)

1 year ago · 35985d7e18
parent d4d144530c
commit 35985d7e18
3 changed files with 13 additions and 6 deletions
--- a/.changeset/quick-ducks-live.md
+++ b/.changeset/quick-ducks-live.md
@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed LDAP rooms, teams and roles syncs not being triggered on login even when the "Update User Data on Login" setting is enabled 
--- a/apps/meteor/server/lib/ldap/Connection.ts
+++ b/apps/meteor/server/lib/ldap/Connection.ts
@ -660,12 +660,8 @@ export class LDAPConnection {
 		this.client._updateIdle(override);
 	}

-	protected async maybeBindDN(): Promise<void> {
-		if (this.usingAuthentication) {
-			return;
-		}
-
-		if (!this.options.authentication) {
+	protected async maybeBindDN({ forceBindAuthenticationUser = false } = {}): Promise<void> {
+		if (!forceBindAuthenticationUser && (this.usingAuthentication || !this.options.authentication)) {
 			return;
 		}

@ -692,6 +688,10 @@ export class LDAPConnection {
 		return this.maybeBindDN();
 	}

+	public async bindAuthenticationUser(): Promise<void> {
+		return this.maybeBindDN({ forceBindAuthenticationUser: true });
+	}
+
 	/*
 		Get list of options to initialize a new ldapjs Client
 	*/
--- a/apps/meteor/server/lib/ldap/Manager.ts
+++ b/apps/meteor/server/lib/ldap/Manager.ts
@ -44,6 +44,8 @@ export class LDAPManager {
 			const slugifiedUsername = this.slugifyUsername(ldapUser, username);
 			const user = await this.findExistingUser(ldapUser, slugifiedUsername);

+			// Bind connection to the admin user so that RC has full access to groups in the next steps
+			await ldap.bindAuthenticationUser();
 			if (user) {
 				return await this.loginExistingUser(ldap, user, ldapUser, password);
 			}