fix(xo-server-auth-ldap/synchronizeGroups): fix adding users to groups (#5545)

Fixes xoa-support#3333
Introduced by 8cfaabedeb

`synchronizeGroups` (called without a user) tries to find XO users that belong
to LDAP groups and add them to those groups. In order to find those users, it
was using the `userIdAttribute` attribute instead of the
`membersMapping.userAttribute` attribute from the configuration.

CHANGELOG.unreleased.md

@@ -11,6 +11,8 @@
 
 > Users must be able to say: “I had this issue, happy to know it's fixed”
 
+- [LDAP] "Synchronize LDAP groups" button: fix imported LDAP users not being correctly added or removed from groups in some cases (PR [#5545](https://github.com/vatesfr/xen-orchestra/pull/5545))
+
 ### Packages to release
 
 > Packages will be released in the order they are here, therefore, they should
@@ -27,3 +29,5 @@
 > - major: if the change breaks compatibility
 >
 > In case of conflict, the highest (lowest in previous list) `$version` wins.
+
+- xo-server-auth-ldap patch

packages/xo-server-auth-ldap/src/index.js

@@ -418,8 +418,19 @@ class AuthLdap {
 
         const xoGroupMembers = xoGroup.users === undefined ? [] : xoGroup.users.slice(0)
 
-        for (const ldapId of ldapGroupMembers) {
-          const xoUser = xoUsers.find(user => user.authProviders.ldap.id === ldapId)
+        for (const memberId of ldapGroupMembers) {
+          const {
+            searchEntries: [ldapUser],
+          } = await client.search(this._searchBase, {
+            scope: 'sub',
+            filter: `(${escape(membersMapping.userAttribute)}=${escape(memberId)})`,
+            sizeLimit: 1,
+          })
+          if (ldapUser === undefined) {
+            continue
+          }
+
+          const xoUser = xoUsers.find(user => user.authProviders.ldap.id === ldapUser[this._userIdAttribute])
           if (xoUser === undefined) {
             continue
           }