outposts/ldap: more cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
a426a1a0b6
commit
30aa24ce6e
|
@ -39,8 +39,8 @@ func (ls *LDAPServer) Refresh() error {
|
|||
s: ls,
|
||||
log: log.WithField("logger", "authentik.outpost.ldap").WithField("provider", provider.Name),
|
||||
tlsServerName: provider.TlsServerName,
|
||||
uidStartNumber: *provider.UidStartNumber,
|
||||
gidStartNumber: *provider.GidStartNumber,
|
||||
uidStartNumber: *provider.UidStartNumber,
|
||||
gidStartNumber: *provider.GidStartNumber,
|
||||
}
|
||||
if provider.Certificate.Get() != nil {
|
||||
logger.WithField("provider", provider.Name).Debug("Enabling TLS")
|
||||
|
@ -122,21 +122,3 @@ func (ls *LDAPServer) Start() error {
|
|||
wg.Wait()
|
||||
return nil
|
||||
}
|
||||
|
||||
type transport struct {
|
||||
headers map[string]string
|
||||
inner http.RoundTripper
|
||||
}
|
||||
|
||||
func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
for key, value := range t.headers {
|
||||
req.Header.Add(key, value)
|
||||
}
|
||||
return t.inner.RoundTrip(req)
|
||||
}
|
||||
func newTransport(inner http.RoundTripper, headers map[string]string) *transport {
|
||||
return &transport{
|
||||
inner: inner,
|
||||
headers: headers,
|
||||
}
|
||||
}
|
||||
|
|
|
@ -56,11 +56,10 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
|
|||
config.Scheme = pi.s.ac.Client.GetConfig().Scheme
|
||||
config.UserAgent = pkg.UserAgent()
|
||||
config.HTTPClient = &http.Client{
|
||||
Jar: jar,
|
||||
Transport: newTransport(ak.GetTLSTransport(), map[string]string{
|
||||
"X-authentik-remote-ip": host,
|
||||
}),
|
||||
Jar: jar,
|
||||
Transport: ak.GetTLSTransport(),
|
||||
}
|
||||
config.AddDefaultHeader("X-authentik-remote-ip", host)
|
||||
// create the API client, with the transport
|
||||
apiClient := api.NewAPIClient(config)
|
||||
|
||||
|
|
|
@ -108,11 +108,11 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
|||
},
|
||||
{
|
||||
Name: "uidNumber",
|
||||
Values: []string{ pi.GetUidNumber(u) },
|
||||
Values: []string{pi.GetUidNumber(u)},
|
||||
},
|
||||
{
|
||||
Name: "gidNumber",
|
||||
Values: []string{ pi.GetUidNumber(u) },
|
||||
Values: []string{pi.GetUidNumber(u)},
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -144,18 +144,18 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
|
|||
},
|
||||
{
|
||||
Name: "gidNumber",
|
||||
Values: []string{ g.gidNumber },
|
||||
Values: []string{g.gidNumber},
|
||||
},
|
||||
}
|
||||
|
||||
if (g.isVirtualGroup) {
|
||||
if g.isVirtualGroup {
|
||||
attrs = append(attrs, &ldap.EntryAttribute{
|
||||
Name: "objectClass",
|
||||
Name: "objectClass",
|
||||
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"},
|
||||
})
|
||||
} else {
|
||||
attrs = append(attrs, &ldap.EntryAttribute{
|
||||
Name: "objectClass",
|
||||
Name: "objectClass",
|
||||
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group"},
|
||||
})
|
||||
}
|
||||
|
@ -163,7 +163,7 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
|
|||
attrs = append(attrs, &ldap.EntryAttribute{Name: "member", Values: g.member})
|
||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(g.isSuperuser)}})
|
||||
|
||||
if (g.akAttributes != nil) {
|
||||
if g.akAttributes != nil {
|
||||
attrs = append(attrs, AKAttrsToLDAP(g.akAttributes)...)
|
||||
}
|
||||
|
||||
|
|
|
@ -51,14 +51,14 @@ type LDAPServer struct {
|
|||
}
|
||||
|
||||
type LDAPGroup struct {
|
||||
dn string
|
||||
cn string
|
||||
uid string
|
||||
gidNumber string
|
||||
member []string
|
||||
isSuperuser bool
|
||||
dn string
|
||||
cn string
|
||||
uid string
|
||||
gidNumber string
|
||||
member []string
|
||||
isSuperuser bool
|
||||
isVirtualGroup bool
|
||||
akAttributes interface{}
|
||||
akAttributes interface{}
|
||||
}
|
||||
|
||||
func NewServer(ac *ak.APIController) *LDAPServer {
|
||||
|
|
|
@ -82,27 +82,27 @@ func (pi *ProviderInstance) UsersForGroup(group api.Group) []string {
|
|||
|
||||
func (pi *ProviderInstance) APIGroupToLDAPGroup(g api.Group) LDAPGroup {
|
||||
return LDAPGroup{
|
||||
dn: pi.GetGroupDN(g.Name),
|
||||
cn: g.Name,
|
||||
uid: string(g.Pk),
|
||||
gidNumber: pi.GetGidNumber(g),
|
||||
member: pi.UsersForGroup(g),
|
||||
isVirtualGroup: false,
|
||||
isSuperuser: *g.IsSuperuser,
|
||||
akAttributes: g.Attributes,
|
||||
dn: pi.GetGroupDN(g.Name),
|
||||
cn: g.Name,
|
||||
uid: string(g.Pk),
|
||||
gidNumber: pi.GetGidNumber(g),
|
||||
member: pi.UsersForGroup(g),
|
||||
isVirtualGroup: false,
|
||||
isSuperuser: *g.IsSuperuser,
|
||||
akAttributes: g.Attributes,
|
||||
}
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) APIUserToLDAPGroup(u api.User) LDAPGroup {
|
||||
return LDAPGroup{
|
||||
dn: pi.GetGroupDN(u.Username),
|
||||
cn: u.Username,
|
||||
uid: u.Uid,
|
||||
gidNumber: pi.GetUidNumber(u),
|
||||
member: []string{pi.GetUserDN(u.Username)},
|
||||
isVirtualGroup: true,
|
||||
isSuperuser: false,
|
||||
akAttributes: nil,
|
||||
dn: pi.GetGroupDN(u.Username),
|
||||
cn: u.Username,
|
||||
uid: u.Uid,
|
||||
gidNumber: pi.GetUidNumber(u),
|
||||
member: []string{pi.GetUserDN(u.Username)},
|
||||
isVirtualGroup: true,
|
||||
isSuperuser: false,
|
||||
akAttributes: nil,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -115,11 +115,11 @@ func (pi *ProviderInstance) GetGroupDN(group string) string {
|
|||
}
|
||||
|
||||
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
||||
return strconv.FormatInt(int64(pi.uidStartNumber + user.Pk), 10)
|
||||
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
|
||||
return strconv.FormatInt(int64(pi.gidStartNumber + pi.GetRIDForGroup(group.Pk)), 10)
|
||||
return strconv.FormatInt(int64(pi.gidStartNumber+pi.GetRIDForGroup(group.Pk)), 10)
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GetRIDForGroup(uid string) int32 {
|
||||
|
|
Reference in a new issue