gitlab-ldap-group-sync
ldapGroups is not iterable
I've got this script so that it's able to talk to our internal Gitlab-CE, but it gives the error "ldapGroups is not iterable".
```
# npm start
> [email protected] start /opt/gitlab-ldap-group-sync
> node ./bin/www
Express server listening on port 8090
{ adamr: 2 }
TypeError: ldapGroups is not iterable
    at /opt/gitlab-ldap-group-sync/gitlabLdapGroupSync.js:58:27
    at Generator.next (<anonymous>)
    at onFulfilled (/opt/gitlab-ldap-group-sync/node_modules/co/index.js:65:19)
    at process._tickCallback (internal/process/next_tick.js:68:7)
```
Configuration is as follows:
```
{
  "port": 8090,
  "syncInterval": "10m",
  "gitlab": {
    "api": "https://git.example.com/api/v4",
    "privateToken": "myAdminSecretToken"
  },
  "ldap": {
    "url": "ldaps://internal.example.com",
    "baseDN": "dc=internal,dc=example,dc=com",
    "username": "uid=svc.gitlab,ou=Services,dc=internal,dc=example,dc=com",
    "password": "myLdapPassword",
    "groupPrefix": ""
  }
}
```
The LDAP server is running 389-DS, so the groups are at base DN ou=Groups,dc=internal,dc=example,dc=com. I didn't see that I could specify that option though. Not sure why groupPrefix is there, but the groups in LDAP don't have a specific prefix -- all should be synced.
You need at least one group starting with gitlab-. See: https://github.com/gitlab-tools/gitlab-ldap-group-sync/blob/9df6d13ddc2fe7c9a7c0e3689fc4399641304786/gitlabLdapGroupSync.js#L147
Please create the following groups on your 389-DS:
gitlab-admins and gitlab-default
Ah thanks, that's a helpful line point. :)
I don't really want to be creating extra groups just for Gitlab as our team of 40ish people are already in appropriate groups. (I'll just edit the script to accept any group.)
Hi, can you send me an MR with your fix?
I'm not sure if this is the cause. I modified that CN=gitlab-* to just CN=* but it still has the same error, must be something else odd going on. Also tried lowercase cn but I doubt that matters. As the "activedirectory" Node module is being used perhaps this script is really limited to Active Directory servers rather than raw LDAP. -- I don't know much about the module really.
Just out of curiosity, there is a config option to specify the group prefix, is there any reason why it isn't being used in this function instead of a hard-coded prefix? (I noticed the config object isn't available to this function, so it may take quite a bit of re-writing to make that so.)
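As an added example (not code from gitlab-ldap-group-sync or from anyone in this thread), the sketch below shows the two points raised above: building the group filter from the configured `groupPrefix` with RFC 4515 escaping instead of a hard-coded `gitlab-`, and normalizing the search result so an empty result cannot raise "is not iterable". All function names are hypothetical, and it assumes the directory lookup can hand back `undefined` or a single object when it does not return an array.

```javascript
// Added example; every name here is hypothetical, not the project's API.

// Escape a value for safe use inside an LDAP search filter (RFC 4515),
// so a configured prefix cannot change the structure of the filter.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Build the group filter from config.ldap.groupPrefix.
// An empty prefix yields (CN=*), i.e. every group is a candidate.
function buildGroupFilter(groupPrefix) {
  const prefix = escapeLdapFilterValue(groupPrefix || '');
  return `(CN=${prefix}*)`;
}

// Normalize a search result: undefined/null -> [], single object -> [obj].
// Assumption: the lookup may return a non-array when nothing matches.
function toGroupList(result) {
  if (result == null) return [];
  return Array.isArray(result) ? result : [result];
}

// Collect the CNs that match the prefix, skipping malformed entries.
function groupNames(result, groupPrefix) {
  const prefix = (groupPrefix || '').toLowerCase();
  const names = [];
  for (const group of toGroupList(result)) {
    const cn = group && typeof group.cn === 'string' ? group.cn : null;
    if (cn !== null && cn.toLowerCase().startsWith(prefix)) names.push(cn);
  }
  return names;
}

// Constructed sample data, not output from a real directory.
const sample = [{ cn: 'gitlab-admins' }, { cn: 'developers' }, { dn: 'no-cn' }];
console.log(buildGroupFilter(''), groupNames(sample, ''));
console.log(buildGroupFilter('gitlab-'), groupNames(sample, 'gitlab-'));
console.log(groupNames(undefined, 'gitlab-')); // empty result, no TypeError
```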