`isUserMemberOf` should only search for direct groups, when no options for recursive has been provided

jsumners / node-activedirectory

ActiveDirectory is an Node.js ldapjs client for authN (authentication) and authZ (authorization) for Microsoft Active Directory with range retrieval support for large Active Directory installations. Originally forked from gheeres/node-activedirectory.

MIT License

52 stars 43 forks source link

`isUserMemberOf` should only search for direct groups, when no options for recursive has been provided #83

Closed SelfDevTV closed 4 years ago

SelfDevTV commented 4 years ago

Hiho,

I have a problem with isUserMemberOf. I use this function to authorize users in my application. Unfortunately it doesn't work since my user is in many many groups (huge groups). It will timeout eventually. I have turned on logging and I in fact see 1000 of lines of logs with group names he goes through.

So my Idea is to only search for the direct members when no options are specified and only search through all groups (recursively) when options are provided.

jurjendijkstra commented 4 years ago

Are you suggesting to change the default, which is recursive search? Please don't change the default, it would break existing applications. Actually, function isUserMemberOf without recursion does not make sense to me. If recursion is not what you want, you may as well simply look at the memberOf attribute of the user.

SelfDevTV commented 4 years ago

@jurjendijkstra Yeah it was for my use case where I want to check for a specific group that my user is memberOf. But he is in so many groups that I get a timeout. But I solved it in another way like you suggested :)

I think I can close this, but maybe you can have a look at my other issue I just opened 👍 Thx man