From 845799860b8697ad85b276ab53c07bec4c56cd87 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alex@spline.inf.fu-berlin.de>
Date: Sat, 6 Dec 2014 17:25:59 +0100
Subject: Kernel::System::Auth::Sync::LDAP: add initial role support

---
 Kernel/System/Auth/Sync/LDAP.pm | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/Kernel/System/Auth/Sync/LDAP.pm b/Kernel/System/Auth/Sync/LDAP.pm
index 5f83068..6451fbe 100644
--- a/Kernel/System/Auth/Sync/LDAP.pm
+++ b/Kernel/System/Auth/Sync/LDAP.pm
@@ -329,6 +329,35 @@ sub Sync {
                         );
                     }
                 }
+
+                # sync initial roles
+                my $UserSyncInitialRoles = $ConfigObject->Get(
+                    'AuthSyncModule::LDAP::UserSyncInitialRoles' . $Self->{Count}
+                );
+                if ($UserSyncInitialRoles) {
+                    ROLE:
+                    for my $Role ( @{$UserSyncInitialRoles} ) {
+
+                        # only for valid roles
+                        if ( !$SystemRolesByName{$Role} ) {
+                            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                                Priority => 'notice',
+                                Message =>
+                                    "Invalid role '$Role' in "
+                                    . "'AuthSyncModule::LDAP::UserSyncInitialRoles"
+                                    . "$Self->{Count}'!",
+                            );
+                            next ROLE;
+                        }
+
+                        $GroupObject->RoleMemberAdd(
+                            RID    => $SystemRolesByName{$Role},
+                            UID    => $UserID,
+                            Active => 1,
+                            UserID => 1,
+                        );
+                    }
+                }
             }
         }
 
-- 
cgit v1.2.3-1-g7c22