add user group as well as user OU (#218)

simonLeary42 · web-flow · commit 8a428cac029e · 2025-05-07T16:30:17.000-04:00
* add site specific users group

* use site specific users group for LDAP-&gt;getAllUsers()

* add site specific users to docker ldap

* distinguish between "user OU" and "user group"

* comment

* add object classes
diff --git a/defaults/config.ini.default b/defaults/config.ini.default
@@ -18,7 +18,8 @@ uri = "ldap://identity"  ; URI of remote LDAP server
 user = "cn=admin,dc=unityhpc,dc=test"  ; Admin bind DN LDAP user
 pass = "password"  ; Admin bind password
 basedn = "dc=unityhpc,dc=test"  ; Base search DN
-user_ou = "ou=users,dc=unityhpc,dc=test"  ; User organizational unit
+user_ou = "ou=users,dc=unityhpc,dc=test"  ; User organizational unit (may contain more than user group)
+user_group = "cn=unityusers,dc=unityhpc,dc=test" ; User group
 group_ou = "ou=groups,dc=unityhpc,dc=test"  ; Group organizational unit
 pigroup_ou = "ou=pi_groups,dc=unityhpc,dc=test"  ; PI Group organizational unit
 orggroup_ou = "ou=org_groups,dc=unityhpc,dc=test"  ; ORG group organizational unit
diff --git a/resources/init.php b/resources/init.php
@@ -45,6 +45,7 @@
     $CONFIG["ldap"]["pigroup_ou"],
     $CONFIG["ldap"]["orggroup_ou"],
     $CONFIG["ldap"]["admin_group"],
+    $CONFIG["ldap"]["user_group"],
     $CONFIG["ldap"]["def_user_shell"]
 );
 
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
@@ -53,6 +53,7 @@ public function __construct(
         $pigroup_ou,
         $orggroup_ou,
         $admin_group,
+        $user_group_dn,
         $def_user_shell
     ) {
         parent::__construct($host, $dn, $pass);
@@ -69,6 +70,7 @@ public function __construct(
         $this->pi_groupOU = $this->getEntry($pigroup_ou);
         $this->org_groupOU = $this->getEntry($orggroup_ou);
         $this->adminGroup = $this->getEntry($admin_group);
+        $this->userGroup = $this->getEntry($user_group_dn);
 
         $this->custom_mappings_path = $custom_user_mappings;
 
@@ -103,6 +105,11 @@ public function getAdminGroup()
         return $this->adminGroup;
     }
 
+    public function getUserGroup()
+    {
+        return $this->userGroup;
+    }
+
     public function getDefUserShell()
     {
         return $this->def_user_shell;
@@ -236,10 +243,10 @@ public function getAllUsers($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook,
             }
         }
 
-        $users = $this->userOU->getChildren(true);
-
+        $users = $this->userGroup->getAttribute("memberuid");
+        sort($users);
         foreach ($users as $user) {
-            $params = array($user->getAttribute("cn")[0], $this, $UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook);
+            $params = array($user, $this, $UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook);
             array_push($out, new UnityUser(...$params));
         }
 
diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php
@@ -106,6 +106,10 @@ public function init($send_mail = true)
             $orgEntry->addUser($this);
         }
 
+        // add to user group as well as user OU
+        $this->LDAP->getUserGroup()->appendAttribute("memberuid", $this->getUID());
+        $this->LDAP->getUserGroup()->write();
+
         // add user to cache
         $this->REDIS->appendCacheArray("sorted_users", "", $this->getUID());
 
diff --git a/tools/docker-dev/identity/bootstrap.ldif b/tools/docker-dev/identity/bootstrap.ldif

Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,10 @@ public function init($send_mail = true)`
`106`	`106`	`$orgEntry->addUser($this);`
`107`	`107`	`}`
`108`	`108`
	`109`	`+ // add to user group as well as user OU`
	`110`	`+ $this->LDAP->getUserGroup()->appendAttribute("memberuid", $this->getUID());`
	`111`	`+ $this->LDAP->getUserGroup()->write();`
	`112`	`+`
`109`	`113`	`// add user to cache`
`110`	`114`	`$this->REDIS->appendCacheArray("sorted_users", "", $this->getUID());`
`111`	`115`