Remove LDAP admin check via group search in ldap-passport

2026-05-23 09:09:36 +02:00 · 2025-07-21 18:40:25 +02:00
parent eb94a0e3af
commit 0437f238de
2 changed files with 2 additions and 8 deletions
--- a/services/web/modules/authentication/ldap/app/src/LDAPAuthenticationManager.mjs
+++ b/services/web/modules/authentication/ldap/app/src/LDAPAuthenticationManager.mjs
@@ -30,9 +30,8 @@ const LDAPAuthenticationManager = {
    if (!firstName && !lastName) lastName = email
    let isAdmin = false
    if( attAdmin && valAdmin ) {
-      isAdmin = (profile._groups?.length > 0) ||
+      isAdmin = Array.isArray(profile[attAdmin]) ? profile[attAdmin].includes(valAdmin) :
-                (Array.isArray(profile[attAdmin]) ? profile[attAdmin].includes(valAdmin) :
+                                                   profile[attAdmin] === valAdmin
                                                    profile[attAdmin] === valAdmin)
    }
    let user = await User.findOne({ 'email': email }).exec()
--- a/services/web/modules/authentication/ldap/app/src/LDAPModuleManager.mjs
+++ b/services/web/modules/authentication/ldap/app/src/LDAPModuleManager.mjs
@@ -31,11 +31,6 @@ const LDAPModuleManager = {
      searchFilter: process.env.OVERLEAF_LDAP_SEARCH_FILTER,
      searchScope: process.env.OVERLEAF_LDAP_SEARCH_SCOPE || 'sub',
      searchAttributes: JSON.parse(process.env.OVERLEAF_LDAP_SEARCH_ATTRIBUTES || '[]'),
      groupSearchBase: process.env.OVERLEAF_LDAP_ADMIN_SEARCH_BASE,
      groupSearchFilter: process.env.OVERLEAF_LDAP_ADMIN_SEARCH_FILTER,
      groupSearchScope: process.env.OVERLEAF_LDAP_ADMIN_SEARCH_SCOPE || 'sub',
      groupSearchAttributes: ["dn"],
      groupDnProperty: process.env.OVERLEAF_LDAP_ADMIN_DN_PROPERTY,
      cache: boolFromEnv(process.env.OVERLEAF_LDAP_CACHE),
      timeout: numFromEnv(process.env.OVERLEAF_LDAP_TIMEOUT),
      connectTimeout: numFromEnv(process.env.OVERLEAF_LDAP_CONNECT_TIMEOUT),