From 37d3e0ec336f0fdc2a6f3c4828dd74005d2d9448 Mon Sep 17 00:00:00 2001
From: Giteabot
Date: Wed, 12 Apr 2023 07:22:02 -0400
Subject: [PATCH] Fix accidental overwriting of LDAP team memberships (#24050) (#24065) Backport #24050 by @sillyguodong In the `for` loop, the value of `membershipsToAdd[org]` and `membershipsToRemove[org]` is a slice that should be appended instead of overwritten. Due to the current overwrite, the LDAP group sync only matches the last group at the moment. ## Example reproduction - an LDAP user is both a member of `cn=admin_staff,ou=people,dc=planetexpress,dc=com` and `cn=ship_crew,ou=people,dc=planetexpress,dc=com`. - configuration of `Map LDAP groups to Organization teams ` in `Authentication Sources`: ```json { "cn=admin_staff,ou=people,dc=planetexpress,dc=com":{ "test_organization":[ "admin_staff", "test_add" ] }, "cn=ship_crew,ou=people,dc=planetexpress,dc=com":{ "test_organization":[ "ship_crew" ] } ``` - start `Synchronize external user data` task in the `Dashboard`. - the user was only added for the team `test_organization.ship_crew`
Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
---
 services/auth/source/source_group_sync.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/services/auth/source/source_group_sync.go b/services/auth/source/source_group_sync.go
index 20b6095345..e42f60bde2 100644
--- a/services/auth/source/source_group_sync.go
+++ b/services/auth/source/source_group_sync.go
@@ -52,11 +52,11 @@ func resolveMappedMemberships(sourceUserGroups container.Set[string], sourceGrou
 isUserInGroup := sourceUserGroups.Contains(group)
 if isUserInGroup {
 for org, teams := range memberships {
- membershipsToAdd[org] = teams
+ membershipsToAdd[org] = append(membershipsToAdd[org], teams...)
 }
 } else {
 for org, teams := range memberships {
- membershipsToRemove[org] = teams
+ membershipsToRemove[org] = append(membershipsToRemove[org], teams...)
 }
 }
 }
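Review bot: Now that both maps accumulate across groups, a team mapped from two LDAP groups lands in `membershipsToAdd[org]` and in `membershipsToRemove[org]` whenever the user belongs to only one of those groups, and nothing in the two `append` lines resolves that overlap. Which list wins then depends on the order in which the caller applies them, which is outside this hunk, so a user could lose a team membership the mapping still grants, or keep it only by accident of ordering. I would state the rule at the loop, for example `// NOTE: a team mapped from several groups can appear in both maps; membershipsToAdd must take precedence`, and add a test with two groups that share one team, the user being in only one of them. The same applies to duplicate team names appended from several matching groups. The body of `resolveMappedMemberships` starts and ends outside the hunk.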