From 35985d7e1856a21ea39b3f9e7a9445f6d19ec00a Mon Sep 17 00:00:00 2001
From: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com>
Date: Sat, 20 Jul 2024 09:40:30 -0300
Subject: [PATCH] fix: Rooms, teams and roles LDAP syncs are not triggered on login (#32445)
---
 .changeset/quick-ducks-live.md | 5 +++++
 apps/meteor/server/lib/ldap/Connection.ts | 12 ++++++------
 apps/meteor/server/lib/ldap/Manager.ts | 2 ++
 3 files changed, 13 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/quick-ducks-live.md
diff --git a/.changeset/quick-ducks-live.md b/.changeset/quick-ducks-live.md
new file mode 100644
index 00000000000..ad628c13d08
--- /dev/null
+++ b/.changeset/quick-ducks-live.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed LDAP rooms, teams and roles syncs not being triggered on login even when the "Update User Data on Login" setting is enabled
diff --git a/apps/meteor/server/lib/ldap/Connection.ts b/apps/meteor/server/lib/ldap/Connection.ts
index 167f1b36e50..b753a2baa9d 100644
--- a/apps/meteor/server/lib/ldap/Connection.ts
+++ b/apps/meteor/server/lib/ldap/Connection.ts
@@ -660,12 +660,8 @@ export class LDAPConnection {
 this.client._updateIdle(override);
 }
- protected async maybeBindDN(): Promise {
- if (this.usingAuthentication) {
- return;
- }
-
- if (!this.options.authentication) {
+ protected async maybeBindDN({ forceBindAuthenticationUser = false } = {}): Promise {
+ if (!forceBindAuthenticationUser && (this.usingAuthentication || !this.options.authentication)) {
 return;
 }
@@ -692,6 +688,10 @@ export class LDAPConnection {
 return this.maybeBindDN();
 }
+ public async bindAuthenticationUser(): Promise {
+ return this.maybeBindDN({ forceBindAuthenticationUser: true });
+ }
+
 /* Get list of options to initialize a new ldapjs Client */
diff --git a/apps/meteor/server/lib/ldap/Manager.ts b/apps/meteor/server/lib/ldap/Manager.ts
index 4a5cdf2df8d..ab000b14222 100644
--- a/apps/meteor/server/lib/ldap/Manager.ts
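Review bot: In `maybeBindDN` (Connection.ts, first hunk), passing `forceBindAuthenticationUser: true` skips the `!this.options.authentication` guard as well as the `usingAuthentication` one, so a forced rebind is attempted even when LDAP authentication is switched off in the settings. Which DN and password the bind then uses is decided in the rest of the body, which lies outside this hunk; if no later check rejects an empty DN or password, the connection could end up rebound without real credentials, or the bind could fail on each login. Keeping the settings guard unconditional limits the override to the already-bound case: `if (!this.options.authentication || (this.usingAuthentication && !forceBindAuthenticationUser)) {`.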
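Review bot: `bindAuthenticationUser()` (Connection.ts, second hunk) is a new public method that changes which identity the connection is bound as, and it carries no doc comment saying so. A caller needs to know that searches made after this call run with the configured authentication user's directory permissions rather than those of any identity bound earlier, and whether a failed bind is reported to the caller; the latter depends on the part of `maybeBindDN` that is outside this diff. Suggested comment above the method: `/** Rebinds this connection as the configured LDAP authentication user, even if a bind was already done. Later searches run with that account's permissions. */`.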
+++ b/apps/meteor/server/lib/ldap/Manager.ts
@@ -44,6 +44,8 @@ export class LDAPManager {
 const slugifiedUsername = this.slugifyUsername(ldapUser, username);
 const user = await this.findExistingUser(ldapUser, slugifiedUsername);
+ // Bind connection to the admin user so that RC has full access to groups in the next steps
+ await ldap.bindAuthenticationUser();
 if (user) {
 return await this.loginExistingUser(ldap, user, ldapUser, password);
 }
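Review bot: The outcome of `await ldap.bindAuthenticationUser();` is not checked, so when the rebind does not succeed the code continues into `loginExistingUser` with whatever identity the connection held before. Whether a failed bind throws or is only logged is decided in `maybeBindDN`, whose body is not part of this diff; if it is only logged, the room, team and role syncs may read group membership through a more restricted view of the directory and compute incomplete results. It would help to make the failure visible here (for example by having the method return a success flag and skipping the sync with a warning) and to word the comment more precisely, e.g. `// Rebind as the configured LDAP authentication (service) account so the group lookups below are not limited by the logging-in user's own directory permissions`. The enclosing method starts and ends outside the hunk, so it should also be confirmed that this line runs only after the user's password has been verified.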