Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 | 1x 1x 1x 1x 1x 1x 1x 1x | const _ = require('underscore'); const Group = require('../models/group'); const joinAttributes = require('./internal/service.joinAttributes'); const parseDistinguishedName = require('./internal/service.parseDistinguishedName'); const search = require('./internal/service.search'); const log = require('./internal/service.log'); const isGroupResult = require('./internal/service.isGroupResult'); /** * Gets all of the groups that the specified distinguishedName (DN) belongs to. * * @private * @param {Object} [opts] Optional LDAP query string parameters to execute. { scope: '', filter: '', attributes: [ '', '', ... ], sizeLimit: 0, timelimit: 0 } * @param {String} dn The distinguishedName (DN) to find membership of. * @param {Function} callback The callback to execute when completed. callback(err: {Object}, groups: {Array[Group]}) */ function getGroupMembershipForDN(opts, dn, stack, callback) { var self = this; if (typeof (stack) === 'function') { callback = stack; stack = undefined; } if (typeof (dn) === 'function') { callback = dn; dn = opts; opts = undefined; } if (typeof (opts) === 'string') { stack = dn; dn = opts; opts = undefined; } return new Promise((resolve, reject) => { log.trace('getGroupMembershipForDN(%j,%s,stack:%j)', opts, dn, (stack || []).length); // Ensure that a valid DN was provided. Otherwise abort the search. if (!dn) { var error = new Error('No distinguishedName (dn) specified for group membership retrieval.'); log.error(error); if (hasEvents('error')) self.emit('error', error); if(callback){ callback(err); } return reject(err); } // Note: Microsoft provides a 'Transitive Filter' for querying nested groups. // i.e. (member:1.2.840.113556.1.4.1941:=<userDistinguishedName>) // However this filter is EXTREMELY slow. Recursively querying ActiveDirectory // is typically 10x faster. opts = _.defaults(_.omit(opts || {}, 'filter', 'scope', 'attributes'), { filter: '(member=' + parseDistinguishedName(dn) + ')', scope: 'sub', attributes: joinAttributes((opts || {}).attributes || defaultAttributes.group, ['groupType']) }); search.call(self, opts, function (err, results) { if (err) { if(callback){ callback(err); } return reject(err); } var groups = []; for(ind in results){ let group = results[ind]; // accumulates discovered groups if (typeof (stack) !== 'undefined') { if (!_.findWhere(stack, { cn: group.cn })) { stack.push(new Group(group)); } _.each(stack, function (s) { if (!_.findWhere(groups, { cn: s.cn })) { groups.push(s); } }); } if (isGroupResult(group)) { log.debug('Adding group "%s" to %s"', group.dn, dn); groups.push(new Group(group)); // Get the groups that this group may be a member of. log.debug('Retrieving nested group membership for group "%s"', group.dn); getGroupMembershipForDN.call(self, opts, group.dn, groups, function (err, nestedGroups) { if (err) { if(callback){ callback(err); } return reject(err); } nestedGroups = _.map(nestedGroups, function (nestedGroup) { if (isGroupResult(nestedGroup)) { return (new Group(nestedGroup)); } }); log.debug('Group "%s" which is a member of group "%s" has %d nested group(s). Nested: %j', group.dn, dn, nestedGroups.length, _.map(nestedGroups, function (group) { return (group.dn); })); Array.prototype.push.apply(groups, nestedGroups); }); } // Remove the duplicates from the list. groups = _.uniq(_.sortBy(groups, function (group) { return (group.cn || group.dn); }), false, function (group) { return (group.dn); }); log.info('Group "%s" has %d group(s). Groups: %j', dn, groups.length, _.map(groups, function (group) { return (group.dn); })); if(callback){ callback(null, groups); } return resolve(groups); } }); }); } module.exports = getGroupMembershipForDN; |