diff --git a/.changeset/famous-falcons-laugh.md b/.changeset/famous-falcons-laugh.md new file mode 100644 index 0000000000000..e7008a8d55da9 --- /dev/null +++ b/.changeset/famous-falcons-laugh.md @@ -0,0 +1,5 @@ +--- +"@rocket.chat/meteor": patch +--- + +Ensures seat limit validation in LDAP sync, preventing activations beyond license restrictions. \ No newline at end of file diff --git a/apps/meteor/server/lib/ldap/UserConverter.ts b/apps/meteor/server/lib/ldap/UserConverter.ts index 4f76c61cefe62..bb6087a971345 100644 --- a/apps/meteor/server/lib/ldap/UserConverter.ts +++ b/apps/meteor/server/lib/ldap/UserConverter.ts @@ -1,7 +1,9 @@ import type { IImportUser, IUser } from '@rocket.chat/core-typings'; +import { License } from '@rocket.chat/license'; import type { Logger } from '@rocket.chat/logger'; import { Users } from '@rocket.chat/models'; +import { logger } from './Logger'; import type { ConverterCache } from '../../../app/importer/server/classes/converters/ConverterCache'; import { type RecordConverterOptions } from '../../../app/importer/server/classes/converters/RecordConverter'; import { UserConverter, type UserConverterOptions } from '../../../app/importer/server/classes/converters/UserConverter'; @@ -45,6 +47,18 @@ export class LDAPUserConverter extends UserConverter { } } + async insertUser(userData: IImportUser): Promise { + if (!userData.deleted) { + // #TODO: Change the LDAP sync process to split the inserts and updates into two stages so that we can validate this only once for all insertions + if (await License.shouldPreventAction('activeUsers')) { + logger.warn({ msg: 'Max users allowed reached, creating new LDAP users in inactive state ', username: userData.username }); + userData.deleted = true; + } + } + + return super.insertUser(userData); + } + static async convertSingleUser(userData: IImportUser, options?: UserConverterOptions): Promise { const converter = new LDAPUserConverter(options); await converter.addObject(userData);