ldap filter: skip empty emails by default, fix ldap sync (case insensitive email comparison, user source difference)

2025-12-14 02:26:19 +00:00 · 2021-05-16 23:43:47 +02:00
parent c9e7145a5b
commit d516d74d3f
3 changed files with 7 additions and 3 deletions
--- a/internal/server/ldapsync.go
+++ b/internal/server/ldapsync.go
@@ -54,6 +54,9 @@ func (s Server) userChangedInLdap(user *users.User, ldapData *ldap.RawLdapData)
 	if user.Phone != ldapData.Attributes[s.config.LDAP.PhoneAttribute] {
 		return true
 	}
+	if user.Source != users.UserSourceLdap {
+		return true
+	}

 	if user.DeletedAt.Valid {
 		return true
@@ -83,7 +86,7 @@ func (s *Server) disableMissingLdapUsers(ldapUsers []ldap.RawLdapData) {

 		existsInLDAP := false
 		for j := range ldapUsers {
-			if activeUsers[i].Email == ldapUsers[j].Attributes[s.config.LDAP.EmailAttribute] {
+			if activeUsers[i].Email == strings.ToLower(ldapUsers[j].Attributes[s.config.LDAP.EmailAttribute]) {
 				existsInLDAP = true
 				break
 			}
@@ -129,6 +132,7 @@ func (s *Server) updateLdapUsers(ldapUsers []ldap.RawLdapData) {

 		// Sync attributes from ldap
 		if s.userChangedInLdap(user, &ldapUsers[i]) {
+			logrus.Debugf("updating ldap user %s", user.Email)
 			user.Firstname = ldapUsers[i].Attributes[s.config.LDAP.FirstNameAttribute]
 			user.Lastname = ldapUsers[i].Attributes[s.config.LDAP.LastNameAttribute]
 			user.Email = ldapUsers[i].Attributes[s.config.LDAP.EmailAttribute]