outposts/ldap: add query support for all supported object classes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
99a371a02c
commit
0285b84133
|
@ -116,6 +116,10 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
|
||||||
"client": utils.GetIP(req.conn.RemoteAddr()),
|
"client": utils.GetIP(req.conn.RemoteAddr()),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: unhandled filter type: %s [%s]", filterEntity, req.Filter)
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: unhandled filter type: %s [%s]", filterEntity, req.Filter)
|
||||||
|
case "goauthentik.io/ldap/group":
|
||||||
|
fallthrough
|
||||||
|
case "goauthentik.io/ldap/virtual-group":
|
||||||
|
fallthrough
|
||||||
case GroupObjectClass:
|
case GroupObjectClass:
|
||||||
wg := sync.WaitGroup{}
|
wg := sync.WaitGroup{}
|
||||||
wg.Add(2)
|
wg.Add(2)
|
||||||
|
@ -165,7 +169,15 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
|
||||||
}()
|
}()
|
||||||
wg.Wait()
|
wg.Wait()
|
||||||
entries = append(gEntries, uEntries...)
|
entries = append(gEntries, uEntries...)
|
||||||
case UserObjectClass, "":
|
case "":
|
||||||
|
fallthrough
|
||||||
|
case "organizationalPerson":
|
||||||
|
fallthrough
|
||||||
|
case "inetorgperson":
|
||||||
|
fallthrough
|
||||||
|
case "goauthentik.io/ldap/user":
|
||||||
|
fallthrough
|
||||||
|
case UserObjectClass:
|
||||||
uapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_user")
|
uapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_user")
|
||||||
searchReq, skip := parseFilterForUser(c.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter, false)
|
searchReq, skip := parseFilterForUser(c.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter, false)
|
||||||
if skip {
|
if skip {
|
||||||
|
@ -202,7 +214,7 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||||
"name": {u.Name},
|
"name": {u.Name},
|
||||||
"displayName": {u.Name},
|
"displayName": {u.Name},
|
||||||
"mail": {*u.Email},
|
"mail": {*u.Email},
|
||||||
"objectClass": {UserObjectClass, "organizationalPerson", "goauthentik.io/ldap/user"},
|
"objectClass": {UserObjectClass, "organizationalPerson", "inetorgperson", "goauthentik.io/ldap/user"},
|
||||||
"uidNumber": {pi.GetUidNumber(u)},
|
"uidNumber": {pi.GetUidNumber(u)},
|
||||||
"gidNumber": {pi.GetUidNumber(u)},
|
"gidNumber": {pi.GetUidNumber(u)},
|
||||||
})
|
})
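Review bot: The new case labels in Search compare filterEntity against exact-case literals, and their casing is inconsistent: `"organizationalPerson"` is mixed case while `"inetorgperson"` is all lowercase. LDAP object class names are matched case-insensitively and clients commonly send `inetOrgPerson`, so unless filterEntity is normalised before the switch (not visible in these hunks) such a filter ends in the `unhandled filter type` error, and if it is lowercased upstream then the `"organizationalPerson"` label can never match. Consider `switch strings.ToLower(filterEntity)` with all-lowercase labels, after confirming that `UserObjectClass` and `GroupObjectClass` are lowercase too. Defining the added class names as constants next to `UserObjectClass` would also keep the list in Search and the `objectClass` attribute in UserEntry from drifting apart. Both Search and UserEntry start and end outside the hunks shown.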
|
||||||
|
|