From d2dcab302f0a1409fdd0a44ba2de3a6b8845abfe Mon Sep 17 00:00:00 2001
From: Rodrigo Nascimento
Date: Thu, 21 Jan 2016 12:55:25 -0200
Subject: [PATCH] Add "Default Domain" to LDAP config

---
 i18n/en.i18n.json | 3 ++-
 packages/rocketchat-ldap/config_server.coffee | 3 +++
 packages/rocketchat-ldap/ldap_server.js | 10 ++++++----
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/i18n/en.i18n.json b/i18n/en.i18n.json
index 75144642647..a9dcc003535 100644
--- a/i18n/en.i18n.json
+++ b/i18n/en.i18n.json
@@ -256,6 +256,7 @@
 "LDAP_Bind_Search" : "Bind Search",
 "LDAP_Bind_Search_Description" : "A piece of JSON that governs bind and connection info and is of the form {\"filter\": \"(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))\", \"scope\": \"sub\", \"userDN\": \"rocket.service@domain.com\", \"password\": \"urpass\"}",
 "LDAP_CA_Cert" : "CA Cert",
+ "LDAP_Default_Domain" : "Default Domain",
 "LDAP_Description" : "LDAP is a hierarchical database that many companies use to provide single sign on - a facility for sharing one password between multiple sites and services. For advanced configuration information and examples, please consult our wiki: https://github.com/RocketChat/Rocket.Chat/wiki/LDAP-Authentication.",
 "LDAP_DN" : "Distinguished Name (DN)",
 "LDAP_DN_Description" : "Search root; example: dc=domain,dc=com",
@@ -614,4 +615,4 @@
 "Your_mail_was_sent_to_s" : "Your mail was sent to %s",
 "Your_Open_Source_solution" : "Your own Open Source chat solution",
 "Your_push_was_sent_to_s_devices" : "Your push was sent to %s devices"
-}
\ No newline at end of file
+}
diff --git a/packages/rocketchat-ldap/config_server.coffee b/packages/rocketchat-ldap/config_server.coffee
index 66e79c07854..2b9f7547dda 100644
--- a/packages/rocketchat-ldap/config_server.coffee
+++ b/packages/rocketchat-ldap/config_server.coffee
@@ -18,6 +18,7 @@ Meteor.startup ->
 @add 'LDAP_Bind_Search', '', { type: 'string' , enableQuery: enableQuery }
 @add 'LDAP_Sync_User_Data', false, { type: 'boolean' , enableQuery: enableQuery }
 @add 'LDAP_Sync_User_Data_FieldMap', '{"cn":"name", "mail":"email"}', { type: 'string', enableQuery: enableQuery }
+ @add 'LDAP_Default_Domain', '', { type: 'string' , enableQuery: enableQuery }
 
 timer = undefined
 
@@ -36,6 +37,7 @@ updateServices = ->
 LDAP_DEFAULTS.port = RocketChat.settings.get 'LDAP_Port' if RocketChat.settings.get 'LDAP_Port'
 LDAP_DEFAULTS.dn = RocketChat.settings.get 'LDAP_DN' or false
 LDAP_DEFAULTS.bindSearch = RocketChat.settings.get 'LDAP_Bind_Search' or ''
+ LDAP_DEFAULTS.defaultDomain = RocketChat.settings.get 'LDAP_Default_Domain' or ''
 else
 LDAP_DEFAULTS.TLS = undefined
 LDAP_DEFAULTS.CACert = undefined
@@ -44,6 +46,7 @@ updateServices = ->
 LDAP_DEFAULTS.port = undefined
 LDAP_DEFAULTS.dn = undefined
 LDAP_DEFAULTS.bindSearch = undefined
+ LDAP_DEFAULTS.defaultDomain = undefined
 , 2000
 
 RocketChat.models.Settings.find().observe
diff --git a/packages/rocketchat-ldap/ldap_server.js b/packages/rocketchat-ldap/ldap_server.js
index 917c1db951f..9f0311d0139 100644
--- a/packages/rocketchat-ldap/ldap_server.js
+++ b/packages/rocketchat-ldap/ldap_server.js
@@ -15,7 +15,7 @@ LDAP_DEFAULTS = {
 port: '389',
 dn: false,
 createNewUser: true,
- defaultDomain: false,
+ defaultDomain: '',
 searchResultsProfileMap: false,
 bindSearch: undefined
 };
@@ -49,7 +49,7 @@ function startTLS(client) {
 rejectUnauthorized: LDAP_DEFAULTS.rejectUnauthorized
 };
 
- if ( LDAP_DEFAULTS.CACert && LDAP_DEFAULTS.CACert != '' ){
+ if ( LDAP_DEFAULTS.CACert && LDAP_DEFAULTS.CACert !== '' ){
 opts.ca = [LDAP_DEFAULTS.CACert];
 }
 
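Review bot: The new line in the `@@ -36` hunk, `LDAP_DEFAULTS.defaultDomain = RocketChat.settings.get 'LDAP_Default_Domain' or ''`, does not actually fall back to `''`: CoffeeScript's implicit call takes the whole `'LDAP_Default_Domain' or ''` expression as the argument, so it compiles to `get('LDAP_Default_Domain' || '')` and the fallback is dead. When the setting has no stored value the default domain becomes `undefined`, and that value then flows into `ldapCheck` via `LDAP_DEFAULTS.defaultDomain`; the existing `dn` and `bindSearch` lines have the same shape, so this copies a latent issue rather than introducing it. Parenthesising the call makes the fallback real: `LDAP_DEFAULTS.defaultDomain = (RocketChat.settings.get 'LDAP_Default_Domain') or ''`. The `''` default registered in the `@@ -18` hunk masks this on fresh installs only. updateServices continues outside the hunk.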
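Review bot: In the `@@ -49` hunk the switch to `!==` leaves the second operand redundant: `LDAP_DEFAULTS.CACert && …` already rejects the empty string, as well as the `undefined` that config_server.coffee assigns when LDAP is disabled, so the condition reads more clearly as `if (LDAP_DEFAULTS.CACert) {`. If the intent is to distinguish "unset" from "set to empty", a comment saying so would be worth more than the extra comparison. startTLS continues outside the hunk.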
@@ -76,6 +76,8 @@ LDAP.prototype.ldapCheck = function(options) {
 
 options = options || {};
 
+ options.defaultDomain = options.defaultDomain || LDAP_DEFAULTS.defaultDomain;
+
 if (!options.hasOwnProperty('username') || !options.hasOwnProperty('ldapPass')) {
 throw new Meteor.Error(403, "Missing LDAP Auth Parameter");
 }
@@ -111,7 +113,7 @@ LDAP.prototype.ldapCheck = function(options) {
 // And use the defaults.defaultDomain if set
 if (emailSliceIndex !== -1) {
 username = options.username.substring(0, emailSliceIndex);
- domain = domain || options.username.substring((emailSliceIndex + 1), options.username.length);
+ domain = options.username.substring((emailSliceIndex + 1), options.username.length) || domain;
 } else {
 username = options.username;
 }
@@ -270,7 +272,7 @@ Accounts.registerLoginHandler("ldap", function(loginRequest) {
 digest: SHA256(loginRequest.ldapPass),
 algorithm: "sha-256"
 }
- }
+ };
 
 return Accounts._runLoginHandlers(self, loginRequest);
 // throw new Meteor.Error("LDAP-login-error", ldapResponse.error);
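Review bot: `options.defaultDomain = options.defaultDomain || LDAP_DEFAULTS.defaultDomain;` in the `@@ -76` hunk writes into the caller's `options` object and gives a value already present on it precedence over the admin-configured setting. If `options` is the `loginRequest` that the `"ldap"` login handler in the `@@ -270` hunk receives from the client (the call into ldapCheck is outside the hunk, so I cannot confirm), the default domain is then a request-supplied input rather than a server setting, which is presumably not the intent; the caller's object should also not be modified as a side effect of a check. Unless server-side callers need a per-call override, reading the setting into a local and using that where `domain` is initialised keeps the request untouched: `var defaultDomain = LDAP_DEFAULTS.defaultDomain;`, with a comment stating that the domain comes from configuration only. ldapCheck's body continues outside the hunk.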
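Review bot: The comment above the changed line in the `@@ -111` hunk, `// And use the defaults.defaultDomain if set`, no longer describes what the code does: the domain found after the `@` in the username now wins, and `domain` (the default) is used only when that part is empty, e.g. a username ending in `@`. Update it to `// Prefer the domain given in the username; fall back to the configured default only when none is given` so the precedence is documented where it is decided. The same comment could note that `substring` from the first `@` keeps any later `@` characters as part of the domain, which is unchanged behaviour but easy to miss. ldapCheck starts and ends outside the hunk.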