ldapGroups is not iterable

[Adambean]

I've got this script so that it's able to talk to our internal Gitlab-CE, but it gives error "ldapGroups" is not iterable.

# npm start

> gitlab-ldap-group-sync@0.0.1 start /opt/gitlab-ldap-group-sync
> node ./bin/www

Express server listening on port 8090
{ adamr: 2 }
TypeError: ldapGroups is not iterable
    at /opt/gitlab-ldap-group-sync/gitlabLdapGroupSync.js:58:27
    at Generator.next (<anonymous>)
    at onFulfilled (/opt/gitlab-ldap-group-sync/node_modules/co/index.js:65:19)
    at process._tickCallback (internal/process/next_tick.js:68:7)

Configuration is as follows:

{
  "port": 8090,
  "syncInterval": "10m",
  "gitlab": {
    "api": "https://git.example.com/api/v4",
    "privateToken": "myAdminSecretToken"
  },
  "ldap": {
    "url": "ldaps://internal.example.com",
    "baseDN": "dc=internal,dc=example,dc=com",
    "username": "uid=svc.gitlab,ou=Services,dc=internal,dc=example,dc=com",
    "password": "myLdapPassword",
    "groupPrefix": ""
  }
}

The LDAP server is running 389-DS, so the groups are at base DN ou=Groups,dc=internal,dc=example,dc=com. I didn't see that I could specify that option though. Not sure why groupPrefix is there, but the groups in LDAP don't have a specific prefix -- all should be synced.

[stefanjauker]

you need a least one group starting with gitlab-. See:

gitlab-ldap-group-sync/gitlabLdapGroupSync.js

Line 147 in 9df6d13

ldap.findGroups('CN=gitlab-*', function (err, groups) {

Please create following groups on your 389-DS
gitlab-admins and gitlab-default

[Adambean]

Ah thanks, that's a helpful line point. :)

I don't really want to be creating extra groups just for Gitlab as our team of 40ish people are already in appropriate groups. (I'll just edit the script to accept any group.)

[stefanjauker]

hi,
can you send me a MR with you fix?

[Adambean]

I'm not sure if this is the cause. I modified that CN=gitlab-* to just CN=* but it still has the same error, must be something else odd going on. Also tried lowercase cn but I doubt that matters. As the "activedirectory" Node module is being used perhaps this script is really limited to Active Directory servers rather than raw LDAP. -- I don't know much about the module really.

Just out of curiosity, there is a config option to specify the group prefix, is there any reason why it isn't being used in this function instead of a hard-coded prefix? (I noticed the config object isn't available to this function, so it may take quite a bit of re-writing to make that so.)