diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 6abec2da..61e9974e 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -550,6 +550,19 @@
 "ldapUserImage": { "type": "string", "default": "thumbnailPhoto", "description": "The LDAP value to use for the user's image." },
 "ldapSaveUserToFile": { "type": "string", "default": null, "description": "When set to a filename, for example c:\\temp\\ldapusers.txt, MeshCentral will save the LDAP user object to this file each time a user logs in. This is used for debugging LDAP issues." },
 "ldapUserGroups": { "type": "string", "default": "memberOf", "description": "The LDAP value to use for the user's group memberships." },
+ "ldapSyncWithUserGroups": {
+ "type": [ "boolean", "object" ],
+ "default": false,
+ "description": "When set to true or set to an object, MeshCentral will syncronized LDAP user memberships to MeshCentral user groups.",
+ "additionalProperties": false,
+ "properties": {
+ "filter": {
+ "type": [ "string", "array" ],
+ "default": null,
+ "description": "When set to a string or array of strings, only LDAP membership groups that includes one of the strings will be syncronized with MeshCentral user groups."
+ }
+ }
+ },
 "ldapUserRequiredGroupMembership": { "type": [ "string", "array" ], "default": null, "description": "A list of LDAP groups. Users must be part of at least one of these groups to allow login. If null, all users are allowed to login." },
 "ldapOptions": { "type": "object", "description": "LDAP options passed to ldapauth-fork" },
 "agentInviteCodes": { "type": "boolean", "default": false, "description": "Enabled a feature where you can set one or more invitation codes in a device group. You can then give a invitation link to users who can use it to download the agent." },
diff --git a/sample-config-advanced.json b/sample-config-advanced.json
index 2403085c..a75bc3ab 100644
--- a/sample-config-advanced.json
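Review bot: The new `filter` description under `ldapSyncWithUserGroups` says a group is kept when it "includes one of the strings", which reads as a substring match on the LDAP membership value rather than an exact DN comparison; the matching code is outside this diff, so this should be confirmed in webserver.js. If that is the behaviour, a short filter can match more directory groups than the administrator intended, and every match becomes a MeshCentral user group membership. I would spell the semantics out in the description, for example by appending `Matching is by substring; use the full group DN to avoid matching unintended groups.`, and have the sample-config-advanced.json hunk use the full-DN form already shown for `_LDAPUserRequiredGroupMembership` instead of `"CN=Domain Admins"`. The array form of `filter` should also declare `"items": { "type": "string" }`, and "syncronized" in both descriptions should read "synchronized".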
+++ b/sample-config-advanced.json
@@ -535,26 +535,8 @@
 "_LDAPUserEmail": "otherMail",
 "_LDAPUserGroups": "memberOf",
 "_LDAPUserRequiredGroupMembership": [ "CN=Domain Admins,CN=Users,DC=sample,DC=com" ],
- "_LDAPPptions": {
- "url": "test",
- "anne": {
- "gecos": "Anne O'Nyme",
- "displayName": "O Nyme anne",
- "uid": "anneonyme",
- "mail": "anneonyme@example.com",
- "email": "anneonyme@example.com",
- "otherMail": [ "other.anneonyme@example.com", "anneonyme@example.com" ]
- },
- "so": {
- "displayName": "Sticker Sophie",
- "gecos": "Sophie Sticker",
- "uid": "ssticker",
- "mail": "ssticker@example.com",
- "email": "ssticker@example.com",
- "otherMail": [ "other.ssticker@example.com", "ssticker@example.com" ]
- }
- },
- "__LDAPOptions": {
+ "_LDAPSyncWithUserGroups": { "filter": [ "CN=Domain Admins" ] },
+ "_LDAPOptions": {
 "URL": "ldap://1.2.3.4:389",
 "BindDN": "CN=svc_meshcentral,CN=Users,DC=meshcentral,DC=local",
 "BindCredentials": "Password.1",
diff --git a/webserver.js b/webserver.js
index 0fc04a66..6648f1ae 100644
--- a/webserver.js
+++ b/webserver.js
@@ -500,7 +500,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
 }
 if (match) { g.push(userMemberships[i]); }
 }
- console.log(g);
 userMemberships = g;
 }
 } else {