feat: [ENTERPRISE] Add setting to control user merge on LDAP Backgrou…

…nd Sync (RocketChat#28814)
sampaiodiego · May 22, 2023 · 222c8ec · 222c8ec
1 parent df82bcc
commit 222c8ec
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 1 deletion.
diff --git a/.changeset/cold-meals-camp.md b/.changeset/cold-meals-camp.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+feat: [ENTERPRISE] Add setting to control user merge on LDAP Background Sync
diff --git a/apps/meteor/app/importer/server/classes/ImportDataConverter.ts b/apps/meteor/app/importer/server/classes/ImportDataConverter.ts
@@ -52,6 +52,7 @@ type IMessageReactions = Record<string, IMessageReaction>;
 export type IConverterOptions = {
 	flagEmailsAsVerified?: boolean;
 	skipExistingUsers?: boolean;
+	skipNewUsers?: boolean;
 };
 
 const guessNameFromUsername = (username: string): string =>
@@ -83,6 +84,7 @@ export class ImportDataConverter {
 		this._options = options || {
 			flagEmailsAsVerified: false,
 			skipExistingUsers: false,
+			skipNewUsers: false,
 		};
 		this._userCache = new Map();
 		this._userDisplayNameCache = new Map();
@@ -345,6 +347,10 @@ export class ImportDataConverter {
 					await this.skipRecord(_id);
 					continue;
 				}
+				if (!existingUser && this._options.skipNewUsers) {
+					await this.skipRecord(_id);
+					continue;
+				}
 
 				if (!data.username) {
 					data.username = await generateUsernameSuggestion({

diff --git a/apps/meteor/ee/server/lib/ldap/Manager.ts b/apps/meteor/ee/server/lib/ldap/Manager.ts
@@ -23,17 +23,19 @@ export class LDAPEEManager extends LDAPManager {
 
 		const createNewUsers = settings.get<boolean>('LDAP_Background_Sync_Import_New_Users') ?? true;
 		const updateExistingUsers = settings.get<boolean>('LDAP_Background_Sync_Keep_Existant_Users_Updated') ?? true;
+		const mergeExistingUsers = settings.get<boolean>('LDAP_Background_Sync_Merge_Existent_Users') ?? false;
 
 		const options = this.getConverterOptions();
 		options.skipExistingUsers = !updateExistingUsers;
+		options.skipNewUsers = !createNewUsers;
 
 		const ldap = new LDAPConnection();
 		const converter = new LDAPDataConverter(true, options);
 
 		try {
 			await ldap.connect();
 
-			if (createNewUsers) {
+			if (createNewUsers || mergeExistingUsers) {
 				await this.importNewUsers(ldap, converter);
 			} else if (updateExistingUsers) {
 				await this.updateExistingUsers(ldap, converter);

diff --git a/apps/meteor/ee/server/settings/ldap.ts b/apps/meteor/ee/server/settings/ldap.ts
@@ -68,6 +68,16 @@ export function addSettings(): Promise<void> {
 						invalidValue: true,
 					});
 
+					await this.add('LDAP_Background_Sync_Merge_Existent_Users', false, {
+						type: 'boolean',
+						enableQuery: [
+							...backgroundSyncQuery,
+							{ _id: 'LDAP_Background_Sync_Keep_Existant_Users_Updated', value: true },
+							{ _id: 'LDAP_Merge_Existing_Users', value: true },
+						],
+						invalidValue: false,
+					});
+
 					await this.add('LDAP_Background_Sync_Avatars', false, {
 						type: 'boolean',
 						enableQuery,

diff --git a/apps/meteor/packages/rocketchat-i18n/i18n/en.i18n.json b/apps/meteor/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -2870,6 +2870,8 @@
   "LDAP_Background_Sync_Interval_Description": "The interval between synchronizations. Example `every 24 hours` or `on the first day of the week`, more examples at [Cron Text Parser](http://bunkat.github.io/later/parsers.html#text)",
   "LDAP_Background_Sync_Keep_Existant_Users_Updated": "Background Sync Update Existing Users",
   "LDAP_Background_Sync_Keep_Existant_Users_Updated_Description": "Will sync the avatar, fields, username, etc (based on your configuration) of all users already imported from LDAP on every **Sync Interval**",
+  "LDAP_Background_Sync_Merge_Existent_Users": "Background Sync Merge Existing Users",
+  "LDAP_Background_Sync_Merge_Existent_Users_Description": "Will merge all users (based on your filter criteria) that exist in LDAP and also exist in Rocket.Chat. To enable this, activate the 'Merge Existing Users' setting in the Data Sync tab.",
   "LDAP_BaseDN": "Base DN",
   "LDAP_BaseDN_Description": "The fully qualified Distinguished Name (DN) of an LDAP subtree you want to search for users and groups. You can add as many as you like; however, each group must be defined in the same domain base as the users that belong to it. Example: `ou=Users+ou=Projects,dc=Example,dc=com`. If you specify restricted user groups, only users that belong to those groups will be in scope. We recommend that you specify the top level of your LDAP directory tree as your domain base and use search filter to control access.",
   "LDAP_CA_Cert": "CA Cert",