thek0tyara/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 5

fix: Only sync LDAP admin status when admin_filter is configured

Browse source 
Closes #1307
This commit is contained in:
Jade Ellis 2026-02-15 16:09:38 +00:00
parent 117c581948
commit 082c44f355
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
3 changed files with 21 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/api/client/session.rs
View file

@ -107,7 +107,7 @@ pub(super) async fn ldap_login(
) -> Result<OwnedUserId> {
let (user_dn, is_ldap_admin) = match services.config.ldap.bind_dn.as_ref() {
| Some(bind_dn) if bind_dn.contains("{username}") =>
(bind_dn.replace("{username}", lowercased_user_id.localpart()), false),
(bind_dn.replace("{username}", lowercased_user_id.localpart()), None),
| _ => {
debug!("Searching user in LDAP");
@ -144,12 +144,16 @@ pub(super) async fn ldap_login(
.await?;
}
let is_conduwuit_admin = services.admin.user_is_admin(lowercased_user_id).await;
// Only sync admin status if LDAP can actually determine it.
// None means LDAP cannot determine admin status (manual config required).
if let Some(is_ldap_admin) = is_ldap_admin {
let is_conduwuit_admin = services.admin.user_is_admin(lowercased_user_id).await;
if is_ldap_admin && !is_conduwuit_admin {
Box::pin(services.admin.make_user_admin(lowercased_user_id)).await?;
} else if !is_ldap_admin && is_conduwuit_admin {
Box::pin(services.admin.revoke_admin(lowercased_user_id)).await?;
if is_ldap_admin && !is_conduwuit_admin {
Box::pin(services.admin.make_user_admin(lowercased_user_id)).await?;
} else if !is_ldap_admin && is_conduwuit_admin {
Box::pin(services.admin.revoke_admin(lowercased_user_id)).await?;
}
}
Ok(user_id)