From d67f5dd23bf1f7154d0264c6e34e512ac51c35c0 Mon Sep 17 00:00:00 2001
From: Lou Knauer <lou.knauer@gmx.de>
Date: Mon, 2 May 2022 11:59:24 +0200
Subject: [PATCH] Fix ClusterCockpit/cc-frontend#31: Add user role to LDAP
 users

---
 auth/auth.go | 4 ++--
 auth/ldap.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/auth/auth.go b/auth/auth.go
index a57247d..0a99976 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -206,13 +206,13 @@ func (auth *Authentication) FetchUsers(viaLdap, notJustUser bool) ([]*User, erro
 	q := sq.Select("username", "name", "email", "roles").From("user")
 	if !viaLdap {
 		if notJustUser {
-			q = q.Where("ldap = 0 OR roles != '[\"user\"]'")
+			q = q.Where("ldap = 0 OR (roles != '[\"user\"]' AND roles != '[]')")
 		} else {
 			q = q.Where("ldap = 0")
 		}
 	} else {
 		if notJustUser {
-			q = q.Where("ldap = 1 OR roles != '[\"user\"]'")
+			q = q.Where("ldap = 1 OR (roles != '[\"user\"]' AND roles != '[]')")
 		} else {
 			q = q.Where("ldap = 1")
 		}
diff --git a/auth/ldap.go b/auth/ldap.go
index 4d16ebe..4c5e0d5 100644
--- a/auth/ldap.go
+++ b/auth/ldap.go
@@ -149,9 +149,9 @@ func (auth *Authentication) SyncWithLDAP(deleteOldUsers bool) error {
 			}
 		} else if where == IN_LDAP {
 			name := newnames[username]
-			log.Infof("ldap-sync: add %#v (name: %#v, roles: [], ldap: true)", username, name)
+			log.Infof("ldap-sync: add %#v (name: %#v, roles: [user], ldap: true)", username, name)
 			if _, err := auth.db.Exec(`INSERT INTO user (username, ldap, name, roles) VALUES (?, ?, ?, ?)`,
-				username, 1, name, "[]"); err != nil {
+				username, 1, name, "[\""+RoleUser+"\"]"); err != nil {
 				return err
 			}
 		}