outposts/ldap: more cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
a426a1a0b6
commit
30aa24ce6e
|
@ -39,8 +39,8 @@ func (ls *LDAPServer) Refresh() error {
|
||||||
s: ls,
|
s: ls,
|
||||||
log: log.WithField("logger", "authentik.outpost.ldap").WithField("provider", provider.Name),
|
log: log.WithField("logger", "authentik.outpost.ldap").WithField("provider", provider.Name),
|
||||||
tlsServerName: provider.TlsServerName,
|
tlsServerName: provider.TlsServerName,
|
||||||
uidStartNumber: *provider.UidStartNumber,
|
uidStartNumber: *provider.UidStartNumber,
|
||||||
gidStartNumber: *provider.GidStartNumber,
|
gidStartNumber: *provider.GidStartNumber,
|
||||||
}
|
}
|
||||||
if provider.Certificate.Get() != nil {
|
if provider.Certificate.Get() != nil {
|
||||||
logger.WithField("provider", provider.Name).Debug("Enabling TLS")
|
logger.WithField("provider", provider.Name).Debug("Enabling TLS")
|
||||||
|
@ -122,21 +122,3 @@ func (ls *LDAPServer) Start() error {
|
||||||
wg.Wait()
|
wg.Wait()
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type transport struct {
|
|
||||||
headers map[string]string
|
|
||||||
inner http.RoundTripper
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
|
|
||||||
for key, value := range t.headers {
|
|
||||||
req.Header.Add(key, value)
|
|
||||||
}
|
|
||||||
return t.inner.RoundTrip(req)
|
|
||||||
}
|
|
||||||
func newTransport(inner http.RoundTripper, headers map[string]string) *transport {
|
|
||||||
return &transport{
|
|
||||||
inner: inner,
|
|
||||||
headers: headers,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -56,11 +56,10 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
|
||||||
config.Scheme = pi.s.ac.Client.GetConfig().Scheme
|
config.Scheme = pi.s.ac.Client.GetConfig().Scheme
|
||||||
config.UserAgent = pkg.UserAgent()
|
config.UserAgent = pkg.UserAgent()
|
||||||
config.HTTPClient = &http.Client{
|
config.HTTPClient = &http.Client{
|
||||||
Jar: jar,
|
Jar: jar,
|
||||||
Transport: newTransport(ak.GetTLSTransport(), map[string]string{
|
Transport: ak.GetTLSTransport(),
|
||||||
"X-authentik-remote-ip": host,
|
|
||||||
}),
|
|
||||||
}
|
}
|
||||||
|
config.AddDefaultHeader("X-authentik-remote-ip", host)
|
||||||
// create the API client, with the transport
|
// create the API client, with the transport
|
||||||
apiClient := api.NewAPIClient(config)
|
apiClient := api.NewAPIClient(config)
|
||||||
|
|
||||||
|
|
|
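Review bot: `config.AddDefaultHeader("X-authentik-remote-ip", host)` stores the client address in the configuration's default-header map, so it is sent on every request made through this API client; that is only correct if `config` is constructed fresh for this bind (its creation is above the hunk) and never shared between concurrent bind attempts, otherwise one client's address could be attached to another client's requests. The removed transport used `req.Header.Add`, while a default header is applied by the generated client on each request, presumably as a single value, so the header semantics change slightly; worth confirming against the generated `api` package. Because the server side presumably treats this header as the address of the binding LDAP client, it is also worth asserting that `host` is a bare IP (the host part of the connection's remote address, not a `host:port` string) before it is forwarded, and a short comment such as `// forward the LDAP client's address so the core can attribute events/policies to it` would make the intent clear. Bind's body begins and ends outside the hunk.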
@ -108,11 +108,11 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "uidNumber",
|
Name: "uidNumber",
|
||||||
Values: []string{ pi.GetUidNumber(u) },
|
Values: []string{pi.GetUidNumber(u)},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "gidNumber",
|
Name: "gidNumber",
|
||||||
Values: []string{ pi.GetUidNumber(u) },
|
Values: []string{pi.GetUidNumber(u)},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,18 +144,18 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "gidNumber",
|
Name: "gidNumber",
|
||||||
Values: []string{ g.gidNumber },
|
Values: []string{g.gidNumber},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if (g.isVirtualGroup) {
|
if g.isVirtualGroup {
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{
|
attrs = append(attrs, &ldap.EntryAttribute{
|
||||||
Name: "objectClass",
|
Name: "objectClass",
|
||||||
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"},
|
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"},
|
||||||
})
|
})
|
||||||
} else {
|
} else {
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{
|
attrs = append(attrs, &ldap.EntryAttribute{
|
||||||
Name: "objectClass",
|
Name: "objectClass",
|
||||||
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group"},
|
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group"},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -163,7 +163,7 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "member", Values: g.member})
|
attrs = append(attrs, &ldap.EntryAttribute{Name: "member", Values: g.member})
|
||||||
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(g.isSuperuser)}})
|
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(g.isSuperuser)}})
|
||||||
|
|
||||||
if (g.akAttributes != nil) {
|
if g.akAttributes != nil {
|
||||||
attrs = append(attrs, AKAttrsToLDAP(g.akAttributes)...)
|
attrs = append(attrs, AKAttrsToLDAP(g.akAttributes)...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -51,14 +51,14 @@ type LDAPServer struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type LDAPGroup struct {
|
type LDAPGroup struct {
|
||||||
dn string
|
dn string
|
||||||
cn string
|
cn string
|
||||||
uid string
|
uid string
|
||||||
gidNumber string
|
gidNumber string
|
||||||
member []string
|
member []string
|
||||||
isSuperuser bool
|
isSuperuser bool
|
||||||
isVirtualGroup bool
|
isVirtualGroup bool
|
||||||
akAttributes interface{}
|
akAttributes interface{}
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer(ac *ak.APIController) *LDAPServer {
|
func NewServer(ac *ak.APIController) *LDAPServer {
|
||||||
|
|
|
@ -82,27 +82,27 @@ func (pi *ProviderInstance) UsersForGroup(group api.Group) []string {
|
||||||
|
|
||||||
func (pi *ProviderInstance) APIGroupToLDAPGroup(g api.Group) LDAPGroup {
|
func (pi *ProviderInstance) APIGroupToLDAPGroup(g api.Group) LDAPGroup {
|
||||||
return LDAPGroup{
|
return LDAPGroup{
|
||||||
dn: pi.GetGroupDN(g.Name),
|
dn: pi.GetGroupDN(g.Name),
|
||||||
cn: g.Name,
|
cn: g.Name,
|
||||||
uid: string(g.Pk),
|
uid: string(g.Pk),
|
||||||
gidNumber: pi.GetGidNumber(g),
|
gidNumber: pi.GetGidNumber(g),
|
||||||
member: pi.UsersForGroup(g),
|
member: pi.UsersForGroup(g),
|
||||||
isVirtualGroup: false,
|
isVirtualGroup: false,
|
||||||
isSuperuser: *g.IsSuperuser,
|
isSuperuser: *g.IsSuperuser,
|
||||||
akAttributes: g.Attributes,
|
akAttributes: g.Attributes,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pi *ProviderInstance) APIUserToLDAPGroup(u api.User) LDAPGroup {
|
func (pi *ProviderInstance) APIUserToLDAPGroup(u api.User) LDAPGroup {
|
||||||
return LDAPGroup{
|
return LDAPGroup{
|
||||||
dn: pi.GetGroupDN(u.Username),
|
dn: pi.GetGroupDN(u.Username),
|
||||||
cn: u.Username,
|
cn: u.Username,
|
||||||
uid: u.Uid,
|
uid: u.Uid,
|
||||||
gidNumber: pi.GetUidNumber(u),
|
gidNumber: pi.GetUidNumber(u),
|
||||||
member: []string{pi.GetUserDN(u.Username)},
|
member: []string{pi.GetUserDN(u.Username)},
|
||||||
isVirtualGroup: true,
|
isVirtualGroup: true,
|
||||||
isSuperuser: false,
|
isSuperuser: false,
|
||||||
akAttributes: nil,
|
akAttributes: nil,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,11 +115,11 @@ func (pi *ProviderInstance) GetGroupDN(group string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
||||||
return strconv.FormatInt(int64(pi.uidStartNumber + user.Pk), 10)
|
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
|
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
|
||||||
return strconv.FormatInt(int64(pi.gidStartNumber + pi.GetRIDForGroup(group.Pk)), 10)
|
return strconv.FormatInt(int64(pi.gidStartNumber+pi.GetRIDForGroup(group.Pk)), 10)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pi *ProviderInstance) GetRIDForGroup(uid string) int32 {
|
func (pi *ProviderInstance) GetRIDForGroup(uid string) int32 {
|
||||||
|
|