Add optional DN truncating operation

GOID1989 · GOID1989 · commit 256b89486fb9 · 2023-11-13T00:03:19.000+03:00
diff --git a/README.md b/README.md
@@ -90,6 +90,7 @@ In order to use the *zabbix-ldap-sync* script we need to create a configuration
 * `filteruser` = The ldap filter to get the users in OpenLDAP mode, by default `(&(objectClass=posixAccount)(uid=%s))`
 * `groupattribute` = The attribute used for membership in a group in OpenLDAP mode, by default `memberUid`
 * `userattribute` = The attribute for users in openldap mode, by default `uid`
+* `truncatedn` - If set to true the distinguished name (DN) will be truncated to the first component (by default false). Group members are usually defined as `full-path-DN`. If your ldap server just uses the `login` names to reference group members (i.e. FreeIPA) you can use this functionality to solve problems with broken searches. Example: `uid=testuser,cn=users,cn=accounts,dc=example,dc=com` cut to `uid=testuser`
 
 #### [zabbix]
 * `server` - Zabbix URL
diff --git a/lib/ldapconn.py b/lib/ldapconn.py
@@ -31,6 +31,7 @@ def __init__(self, config):
         self.user_filter = config.ldap_user_filter
         self.verbose = config.verbose
         self.openldap_type = config.openldap_type
+        self.openldap_truncatedn = config.openldap_truncatedn
 
         self.logger = logging.getLogger(self.__class__.__name__)
         # Log from pyldap
@@ -111,6 +112,10 @@ def get_group_members_ldap(self, result: list):
         for memberid in users[self.group_member_attribute]:
             memberid = memberid.decode("utf-8")
 
+            if self.openldap_truncatedn:
+                self.logger.debug('Distinguished name truncated from %s to %s' % (memberid, memberid.split(',')[0]))
+                memberid = memberid.split(',')[0]
+
             if self.openldap_type == "groupofnames":
                 filter = "(objectClass=*)"
                 # memberid is user dn
diff --git a/lib/zabbixldapconf.py b/lib/zabbixldapconf.py
@@ -73,7 +73,8 @@ def __init__(self, config: str):
                                                   fallback='(&(objectClass=posixAccount)(uid=%s))', raw=True)
             self.openldap_groupattribute = parser.get('openldap', 'groupattribute', fallback='memberUid', raw=True)
             self.openldap_userattribute = parser.get('openldap', 'userattribute', fallback='uid', raw=True)
-
+            self.openldap_truncatedn = ZabbixLDAPConf.try_get_item_bool(parser, 'openldap', 'truncatedn', False)
+            
             self.zbx_server = parser.get('zabbix', 'server')
 
             self.zbx_ignore_tls_errors = ZabbixLDAPConf.try_get_item_bool(parser, 'zabbix', 'ignore_tls_errors', False)
