gitlab-tools / gitlab-ldap-group-sync

Manage your gitlab groups with ldap / active directory
Apache License 2.0

ldapGroups is not iterable #1

Open Adambean opened 6 years ago

Adambean commented 6 years ago

I've got this script so that it's able to talk to our internal Gitlab-CE, but it gives error "ldapGroups" is not iterable.

# npm start

> gitlab-ldap-group-sync@0.0.1 start /opt/gitlab-ldap-group-sync
> node ./bin/www

Express server listening on port 8090
{ adamr: 2 }
TypeError: ldapGroups is not iterable
    at /opt/gitlab-ldap-group-sync/gitlabLdapGroupSync.js:58:27
    at Generator.next (<anonymous>)
    at onFulfilled (/opt/gitlab-ldap-group-sync/node_modules/co/index.js:65:19)
    at process._tickCallback (internal/process/next_tick.js:68:7)

Configuration is as follows:

{
  "port": 8090,
  "syncInterval": "10m",
  "gitlab": {
    "api": "https://git.example.com/api/v4",
    "privateToken": "myAdminSecretToken"
  },
  "ldap": {
    "url": "ldaps://internal.example.com",
    "baseDN": "dc=internal,dc=example,dc=com",
    "username": "uid=svc.gitlab,ou=Services,dc=internal,dc=example,dc=com",
    "password": "myLdapPassword",
    "groupPrefix": ""
  }
}

The LDAP server is running 389-DS, so the groups are at base DN ou=Groups,dc=internal,dc=example,dc=com. I didn't see that I could specify that option though. Not sure why groupPrefix is there, but the groups in LDAP don't have a specific prefix -- all should be synced.

stefanjauker commented 6 years ago

You need at least one group starting with gitlab-. See: https://github.com/gitlab-tools/gitlab-ldap-group-sync/blob/9df6d13ddc2fe7c9a7c0e3689fc4399641304786/gitlabLdapGroupSync.js#L147

Please create the following groups on your 389-DS: gitlab-admins and gitlab-default

Adambean commented 6 years ago

Ah thanks, that's a helpful line point. :)

I don't really want to be creating extra groups just for Gitlab as our team of 40ish people are already in appropriate groups. (I'll just edit the script to accept any group.)

stefanjauker commented 6 years ago

Hi, can you send me an MR with your fix?

Adambean commented 6 years ago

I'm not sure if this is the cause. I modified that CN=gitlab-* to just CN=* but it still has the same error, must be something else odd going on. Also tried lowercase cn but I doubt that matters. As the "activedirectory" Node module is being used perhaps this script is really limited to Active Directory servers rather than raw LDAP. -- I don't know much about the module really.

Just out of curiosity, there is a config option to specify the group prefix, is there any reason why it isn't being used in this function instead of a hard-coded prefix? (I noticed the config object isn't available to this function, so it may take quite a bit of re-writing to make that so.)
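The two points raised in this thread (a hard-coded CN=gitlab-* filter instead of the groupPrefix setting, and a loop that throws when the group lookup returns nothing iterable) can be handled as in the sketch below. It is an added example, not part of the thread and not the project's code; the function names are hypothetical, and it assumes the lookup yields undefined or null when no group matches and that each group object carries a cn property.

```javascript
// Added example: hypothetical helpers, not code from gitlab-ldap-group-sync.

// Escape a value for use inside an LDAP search filter (RFC 4515), so a
// prefix taken from configuration cannot change the filter's structure.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Build the group filter from the configured prefix, passed in as a
// parameter. An empty prefix gives CN=*, i.e. every group is in scope.
function buildGroupFilter(groupPrefix) {
  return 'CN=' + escapeLdapFilterValue(groupPrefix || '') + '*';
}

// Assumption: the directory lookup may hand back undefined/null rather
// than an empty array when nothing matches. Normalise before iterating.
function normalizeGroups(findResult) {
  return Array.isArray(findResult) ? findResult : [];
}

// Collect the names of the groups to sync. The prefix is re-checked on the
// client (case-insensitively, as cn matching is) so an over-broad server
// result cannot pull unrelated groups into the sync.
function groupNames(findResult, groupPrefix) {
  const prefix = (groupPrefix || '').toLowerCase();
  const names = [];
  for (const group of normalizeGroups(findResult)) {
    if (group && typeof group.cn === 'string' &&
        group.cn.toLowerCase().startsWith(prefix)) {
      names.push(group.cn);
    }
  }
  return names;
}

// Constructed sample input, not real directory data.
const sample = [{ cn: 'Gitlab-admins' }, { cn: 'devs' }, { dn: 'no-cn' }];
console.log(buildGroupFilter(''), groupNames(sample, ''));
console.log(buildGroupFilter('gitlab-'), groupNames(undefined, 'gitlab-'));
```

With an empty prefix every group the service account can read is in scope for syncing, so the account's search base and permissions become the only boundary on what reaches GitLab.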