Closes #2218; LDAP: Add a setting to disable avatar sync

RocketChat · Feb 19, 2016 · 325fed3 · 325fed3
1 parent e16c8ff
commit 325fed3
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 45 deletions.
diff --git a/i18n/en.i18n.json b/i18n/en.i18n.json
@@ -298,6 +298,7 @@
   "LDAP_Port" : "Port",
   "LDAP_Port_Description" : "Port to access LDAP. eg: `389` or `636` for LDAPS",
   "LDAP_Reject_Unauthorized" : "Reject Unauthorized",
+  "LDAP_Sync_User_Avatar" : "Sync User Avatar",
   "LDAP_Sync_User_Data" : "Sync Data",
   "LDAP_Sync_User_Data_Description" : "Keep user data in sync with server on login (eg: name, email).",
   "LDAP_Sync_User_Data_FieldMap" : "User Data Field Map",

diff --git a/packages/rocketchat-ldap/package.js b/packages/rocketchat-ldap/package.js
@@ -13,7 +13,6 @@ Package.onUse(function(api) {
   api.use('rocketchat:lib');
   api.use('tap:i18n');
   api.use('yasaricli:slugify');
-  api.use('coffeescript');
   api.use('ecmascript');
   api.use('sha');
 
@@ -27,7 +26,7 @@ Package.onUse(function(api) {
   api.addFiles('server/ldap.js', 'server');
   api.addFiles('server/sync.js', 'server');
   api.addFiles('server/loginHandler.js', 'server');
-  api.addFiles('server/settings.coffee', 'server');
+  api.addFiles('server/settings.js', 'server');
   api.addFiles('server/testConnection.js', 'server');
   api.addFiles('server/syncUsers.js', 'server');
 

diff --git a/packages/rocketchat-ldap/server/settings.coffee b/packages/rocketchat-ldap/server/settings.coffee
diff --git a/packages/rocketchat-ldap/server/settings.js b/packages/rocketchat-ldap/server/settings.js
@@ -0,0 +1,45 @@
+Meteor.startup(function() {
+	RocketChat.settings.addGroup('LDAP', function() {
+		const enableQuery = {_id: 'LDAP_Enable', value: true};
+		const enableTLSQuery = [
+			{_id: 'LDAP_Enable', value: true},
+			{_id: 'LDAP_Encryption', value: {$in: ['tls', 'ssl']}}
+		];
+		const customBindSearchEnabledQuery = [
+			{_id: 'LDAP_Enable', value: true},
+			{_id: 'LDAP_Use_Custom_Domain_Search', value: true}
+		];
+		const customBindSearchDisabledQuery = [
+			{_id: 'LDAP_Enable', value: true},
+			{_id: 'LDAP_Use_Custom_Domain_Search', value: false}
+		];
+		const syncDataQuery = [
+			{_id: 'LDAP_Enable', value: true},
+			{_id: 'LDAP_Sync_User_Data', value: true}
+		];
+
+		this.add('LDAP_Enable', false, { type: 'boolean', public: true });
+		this.add('LDAP_Host', '', { type: 'string', enableQuery: enableQuery });
+		this.add('LDAP_Port', '389', { type: 'string', enableQuery: enableQuery });
+		this.add('LDAP_Encryption', 'plain', { type: 'select', values: [ { key: 'plain', i18nLabel: 'No_Encryption' }, { key: 'tls', i18nLabel: 'StartTLS' }, { key: 'ssl', i18nLabel: 'SSL/LDAPS' } ], enableQuery: enableQuery });
+		this.add('LDAP_CA_Cert', '', { type: 'string', multiline: true, enableQuery: enableTLSQuery });
+		this.add('LDAP_Reject_Unauthorized', true, { type: 'boolean', enableQuery: enableTLSQuery });
+		this.add('LDAP_Domain_Base', '', { type: 'string', enableQuery: enableQuery });
+		this.add('LDAP_Use_Custom_Domain_Search', false, { type: 'boolean' , enableQuery: enableQuery });
+		this.add('LDAP_Custom_Domain_Search', '', { type: 'string' , enableQuery: customBindSearchEnabledQuery });
+		this.add('LDAP_Domain_Search_User', '', { type: 'string', enableQuery: customBindSearchDisabledQuery });
+		this.add('LDAP_Domain_Search_Password', '', { type: 'password', enableQuery: customBindSearchDisabledQuery });
+		this.add('LDAP_Domain_Search_Filter', '', { type: 'string', enableQuery: customBindSearchDisabledQuery });
+		this.add('LDAP_Domain_Search_User_ID', 'sAMAccountName', { type: 'string', enableQuery: customBindSearchDisabledQuery });
+		this.add('LDAP_Domain_Search_Object_Class', 'user', { type: 'string', enableQuery: customBindSearchDisabledQuery });
+		this.add('LDAP_Domain_Search_Object_Category', 'person', { type: 'string', enableQuery: customBindSearchDisabledQuery });
+		this.add('LDAP_Username_Field', 'sAMAccountName', { type: 'string', enableQuery: enableQuery });
+		this.add('LDAP_Unique_Identifier_Field', 'objectGUID,ibm-entryUUID,GUID,dominoUNID,nsuniqueId,uidNumber', { type: 'string', enableQuery: enableQuery });
+		this.add('LDAP_Sync_User_Data', false, { type: 'boolean' , enableQuery: enableQuery });
+		this.add('LDAP_Sync_User_Avatar', true, { type: 'boolean' , enableQuery: syncDataQuery });
+		this.add('LDAP_Sync_User_Data_FieldMap', '{"cn":"name", "mail":"email"}', { type: 'string', enableQuery: syncDataQuery });
+		this.add('LDAP_Default_Domain', '', { type: 'string' , enableQuery: enableQuery });
+		this.add('LDAP_Test_Connection', 'ldap_test_connection', { type: 'action', actionText: 'Test_Connection' });
+		this.add('LDAP_Sync_Users', 'ldap_sync_users', { type: 'action', actionText: 'Sync_Users' });
+	});
+});
diff --git a/packages/rocketchat-ldap/server/sync.js b/packages/rocketchat-ldap/server/sync.js
@@ -82,7 +82,7 @@ syncUserData = function syncUserData(user, ldapUser) {
 		logger.debug('setting', JSON.stringify(userData, null, 2));
 	}
 
-	if (user && user._id) {
+	if (user && user._id && RocketChat.settings.get('LDAP_Sync_User_Avatar') === true) {
 		const avatar = ldapUser.raw.thumbnailPhoto || ldapUser.raw.jpegPhoto;
 		if (avatar) {
 			logger.info('Syncing user avatar');