Filter out deleted AD users unless otherwise instructed
addisonbeck committed Aug 9, 2024
1 parent 3a639bb commit 88bc5e3
Showing 1 changed file with 16 additions and 3 deletions.
19 changes: 16 additions & 3 deletions src/services/ldap-directory.service.ts
Expand Up @@ -49,7 +49,7 @@ export class LdapDirectoryService implements IDirectoryService {

let users: UserEntry[];
if (this.syncConfig.users) {
users = await this.getUsers(force);
users = await this.getUsers(force, test);
}

let groups: GroupEntry[];
Expand All @@ -66,7 +66,7 @@ export class LdapDirectoryService implements IDirectoryService {
return [groups, users];
}

private async getUsers(force: boolean): Promise<UserEntry[]> {
private async getUsers(force: boolean, test: boolean): Promise<UserEntry[]> {
const lastSync = await this.stateService.getLastUserSync();
let filter = this.buildBaseFilter(this.syncConfig.userObjectClass, this.syncConfig.userFilter);
filter = this.buildRevisionFilter(filter, force, lastSync);
Expand All @@ -77,7 +77,20 @@ export class LdapDirectoryService implements IDirectoryService {
const regularUsers = await this.search<UserEntry>(path, filter, (se: any) =>
this.buildUser(se, false),
);
if (!this.dirConfig.ad) {

// Active Directory has a special way of managing deleted users that
// standard LDAP does not. Users can be "tombstoned", where they cease to
// exist, or they can be "recycled" where they exist in a quarantined
// state for a period of time before being tombstoned.
//
// Essentially, recycled users are soft deleted but tombstoned users are
// hard deleted. In standard LDAP deleted users are only ever hard
// deleted.
//
// We check for recycled Active Directory users below, but only if the
// sync is a test sync or the "Overwrite existing users" flag is checked.
const ignoreDeletedUsers = !this.dirConfig.ad || (!force && !test);
if (ignoreDeletedUsers) {
return regularUsers;
}

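Review bot: With `ignoreDeletedUsers = !this.dirConfig.ad || (!force && !test)`, a routine Active Directory sync (neither forced nor a test) now returns `regularUsers` before the deleted-user lookup that follows this hunk, so accounts deleted in AD are presumably no longer reported on scheduled syncs. If that lookup is what drives removal of offboarded users downstream, their access would persist until someone runs a forced sync; the rest of `getUsers` is outside the hunk, so this needs confirming against the code below and the sync caller. At minimum the trade-off should be stated next to the check, e.g. `// Incremental syncs skip the deleted-user lookup; AD deletions are only picked up on a forced or test sync.`, and the condition reads more directly as `const includeDeletedUsers = this.dirConfig.ad && (force || test);`. The new comment also equates `force` with the "Overwrite existing users" option, which the visible code does not establish (`force` is also passed to `buildRevisionFilter`), so that wording is worth verifying.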
