outposts/ldap: add query support for all supported object classes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-09-26 14:42:26 +02:00
parent 99a371a02c
commit 0285b84133
1 changed files with 14 additions and 2 deletions


@ -116,6 +116,10 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
"client": utils.GetIP(req.conn.RemoteAddr()), "client": utils.GetIP(req.conn.RemoteAddr()),
}).Inc() }).Inc()
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: unhandled filter type: %s [%s]", filterEntity, req.Filter) return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: unhandled filter type: %s [%s]", filterEntity, req.Filter)
case "goauthentik.io/ldap/group":
fallthrough
case "goauthentik.io/ldap/virtual-group":
fallthrough
case GroupObjectClass: case GroupObjectClass:
wg := sync.WaitGroup{} wg := sync.WaitGroup{}
wg.Add(2) wg.Add(2)
@ -165,7 +169,15 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
}() }()
wg.Wait() wg.Wait()
entries = append(gEntries, uEntries...) entries = append(gEntries, uEntries...)
case UserObjectClass, "": case "":
fallthrough
case "organizationalPerson":
fallthrough
case "inetorgperson":
fallthrough
case "goauthentik.io/ldap/user":
fallthrough
case UserObjectClass:
uapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_user") uapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_user")
searchReq, skip := parseFilterForUser(c.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter, false) searchReq, skip := parseFilterForUser(c.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter, false)
if skip { if skip {
@ -202,7 +214,7 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
"name": {u.Name}, "name": {u.Name},
"displayName": {u.Name}, "displayName": {u.Name},
"mail": {*u.Email}, "mail": {*u.Email},
"objectClass": {UserObjectClass, "organizationalPerson", "goauthentik.io/ldap/user"}, "objectClass": {UserObjectClass, "organizationalPerson", "inetorgperson", "goauthentik.io/ldap/user"},
"uidNumber": {pi.GetUidNumber(u)}, "uidNumber": {pi.GetUidNumber(u)},
"gidNumber": {pi.GetUidNumber(u)}, "gidNumber": {pi.GetUidNumber(u)},
}) })
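Review bot: The new `case "inetorgperson":` in Search (second hunk) and the `"inetorgperson"` value added to the `objectClass` attribute in UserEntry (third hunk) are spelled all-lowercase, while the schema name is `inetOrgPerson`; a Go `switch` on a string is an exact byte match, so unless `filterEntity` is lower-cased before the switch (not visible in these hunks) a client sending `(objectClass=inetOrgPerson)` still lands in the unhandled-filter branch, and clients that compare objectClass values byte-wise will not recognize the returned entry as an inetOrgPerson. Normalizing once before the switch, `switch strings.ToLower(filterEntity) {` with lowercase case labels, would make the accepted spellings consistent with LDAP's case-insensitive objectClass matching; the emitted attribute value should then use the canonical `"inetOrgPerson"` spelling. As a point of style, the single-value `case`/`fallthrough` ladders in the first and second hunks could each be one case list, e.g. `case "", "organizationalPerson", "inetorgperson", "goauthentik.io/ldap/user", UserObjectClass:`, which avoids `fallthrough` entirely. Search's body begins before the first hunk and continues between and after them.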