outposts/ldap: more cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-07-14 20:37:27 +02:00
parent a426a1a0b6
commit 30aa24ce6e
5 changed files with 37 additions and 56 deletions

View File

@ -39,8 +39,8 @@ func (ls *LDAPServer) Refresh() error {
s: ls,
log: log.WithField("logger", "authentik.outpost.ldap").WithField("provider", provider.Name),
tlsServerName: provider.TlsServerName,
uidStartNumber: *provider.UidStartNumber,
gidStartNumber: *provider.GidStartNumber,
uidStartNumber: *provider.UidStartNumber,
gidStartNumber: *provider.GidStartNumber,
}
if provider.Certificate.Get() != nil {
logger.WithField("provider", provider.Name).Debug("Enabling TLS")
@ -122,21 +122,3 @@ func (ls *LDAPServer) Start() error {
wg.Wait()
return nil
}
type transport struct {
headers map[string]string
inner http.RoundTripper
}
func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
for key, value := range t.headers {
req.Header.Add(key, value)
}
return t.inner.RoundTrip(req)
}
func newTransport(inner http.RoundTripper, headers map[string]string) *transport {
return &transport{
inner: inner,
headers: headers,
}
}

View File

@ -56,11 +56,10 @@ func (pi *ProviderInstance) Bind(username string, bindDN, bindPW string, conn ne
config.Scheme = pi.s.ac.Client.GetConfig().Scheme
config.UserAgent = pkg.UserAgent()
config.HTTPClient = &http.Client{
Jar: jar,
Transport: newTransport(ak.GetTLSTransport(), map[string]string{
"X-authentik-remote-ip": host,
}),
Jar: jar,
Transport: ak.GetTLSTransport(),
}
config.AddDefaultHeader("X-authentik-remote-ip", host)
// create the API client, with the transport
apiClient := api.NewAPIClient(config)

View File

@ -108,11 +108,11 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
},
{
Name: "uidNumber",
Values: []string{ pi.GetUidNumber(u) },
Values: []string{pi.GetUidNumber(u)},
},
{
Name: "gidNumber",
Values: []string{ pi.GetUidNumber(u) },
Values: []string{pi.GetUidNumber(u)},
},
}
@ -144,18 +144,18 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
},
{
Name: "gidNumber",
Values: []string{ g.gidNumber },
Values: []string{g.gidNumber},
},
}
if (g.isVirtualGroup) {
if g.isVirtualGroup {
attrs = append(attrs, &ldap.EntryAttribute{
Name: "objectClass",
Name: "objectClass",
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"},
})
} else {
attrs = append(attrs, &ldap.EntryAttribute{
Name: "objectClass",
Name: "objectClass",
Values: []string{GroupObjectClass, "goauthentik.io/ldap/group"},
})
}
@ -163,7 +163,7 @@ func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
attrs = append(attrs, &ldap.EntryAttribute{Name: "member", Values: g.member})
attrs = append(attrs, &ldap.EntryAttribute{Name: "goauthentik.io/ldap/superuser", Values: []string{BoolToString(g.isSuperuser)}})
if (g.akAttributes != nil) {
if g.akAttributes != nil {
attrs = append(attrs, AKAttrsToLDAP(g.akAttributes)...)
}

View File

@ -51,14 +51,14 @@ type LDAPServer struct {
}
type LDAPGroup struct {
dn string
cn string
uid string
gidNumber string
member []string
isSuperuser bool
dn string
cn string
uid string
gidNumber string
member []string
isSuperuser bool
isVirtualGroup bool
akAttributes interface{}
akAttributes interface{}
}
func NewServer(ac *ak.APIController) *LDAPServer {

View File

@ -82,27 +82,27 @@ func (pi *ProviderInstance) UsersForGroup(group api.Group) []string {
func (pi *ProviderInstance) APIGroupToLDAPGroup(g api.Group) LDAPGroup {
return LDAPGroup{
dn: pi.GetGroupDN(g.Name),
cn: g.Name,
uid: string(g.Pk),
gidNumber: pi.GetGidNumber(g),
member: pi.UsersForGroup(g),
isVirtualGroup: false,
isSuperuser: *g.IsSuperuser,
akAttributes: g.Attributes,
dn: pi.GetGroupDN(g.Name),
cn: g.Name,
uid: string(g.Pk),
gidNumber: pi.GetGidNumber(g),
member: pi.UsersForGroup(g),
isVirtualGroup: false,
isSuperuser: *g.IsSuperuser,
akAttributes: g.Attributes,
}
}
func (pi *ProviderInstance) APIUserToLDAPGroup(u api.User) LDAPGroup {
return LDAPGroup{
dn: pi.GetGroupDN(u.Username),
cn: u.Username,
uid: u.Uid,
gidNumber: pi.GetUidNumber(u),
member: []string{pi.GetUserDN(u.Username)},
isVirtualGroup: true,
isSuperuser: false,
akAttributes: nil,
dn: pi.GetGroupDN(u.Username),
cn: u.Username,
uid: u.Uid,
gidNumber: pi.GetUidNumber(u),
member: []string{pi.GetUserDN(u.Username)},
isVirtualGroup: true,
isSuperuser: false,
akAttributes: nil,
}
}
@ -115,11 +115,11 @@ func (pi *ProviderInstance) GetGroupDN(group string) string {
}
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
return strconv.FormatInt(int64(pi.uidStartNumber + user.Pk), 10)
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
}
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
return strconv.FormatInt(int64(pi.gidStartNumber + pi.GetRIDForGroup(group.Pk)), 10)
return strconv.FormatInt(int64(pi.gidStartNumber+pi.GetRIDForGroup(group.Pk)), 10)
}
func (pi *ProviderInstance) GetRIDForGroup(uid string) int32 {