add group connection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
330f639a7e
commit
52463b8f96
41
authentik/core/migrations/0032_groupsourceconnection.py
Normal file
41
authentik/core/migrations/0032_groupsourceconnection.py
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# Generated by Django 4.2.5 on 2023-09-27 10:44
|
||||||
|
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
("authentik_core", "0031_alter_user_type"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name="GroupSourceConnection",
|
||||||
|
fields=[
|
||||||
|
(
|
||||||
|
"id",
|
||||||
|
models.AutoField(
|
||||||
|
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
|
||||||
|
),
|
||||||
|
),
|
||||||
|
("created", models.DateTimeField(auto_now_add=True)),
|
||||||
|
("last_updated", models.DateTimeField(auto_now=True)),
|
||||||
|
(
|
||||||
|
"group",
|
||||||
|
models.ForeignKey(
|
||||||
|
on_delete=django.db.models.deletion.CASCADE, to="authentik_core.group"
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"source",
|
||||||
|
models.ForeignKey(
|
||||||
|
on_delete=django.db.models.deletion.CASCADE, to="authentik_core.source"
|
||||||
|
),
|
||||||
|
),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
"unique_together": {("group", "source")},
|
||||||
|
},
|
||||||
|
),
|
||||||
|
]
|
|
@ -575,6 +575,23 @@ class UserSourceConnection(SerializerModel, CreatedUpdatedModel):
|
||||||
unique_together = (("user", "source"),)
|
unique_together = (("user", "source"),)
|
||||||
|
|
||||||
|
|
||||||
|
class GroupSourceConnection(SerializerModel, CreatedUpdatedModel):
|
||||||
|
"""Connection between Group and Source."""
|
||||||
|
|
||||||
|
group = models.ForeignKey(Group, on_delete=models.CASCADE)
|
||||||
|
source = models.ForeignKey(Source, on_delete=models.CASCADE)
|
||||||
|
|
||||||
|
objects = InheritanceManager()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def serializer(self) -> type[Serializer]:
|
||||||
|
"""Get serializer for this model"""
|
||||||
|
raise NotImplementedError
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
unique_together = (("group", "source"),)
|
||||||
|
|
||||||
|
|
||||||
class ExpiringModel(models.Model):
|
class ExpiringModel(models.Model):
|
||||||
"""Base Model which can expire, and is automatically cleaned up."""
|
"""Base Model which can expire, and is automatically cleaned up."""
|
||||||
|
|
||||||
|
|
|
@ -150,4 +150,3 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet):
|
||||||
obj.pop("raw_dn", None)
|
obj.pop("raw_dn", None)
|
||||||
all_objects[class_name].append(obj)
|
all_objects[class_name].append(obj)
|
||||||
return Response(data=all_objects)
|
return Response(data=all_objects)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
# Generated by Django 4.2.5 on 2023-09-27 10:44
|
||||||
|
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
("authentik_core", "0032_groupsourceconnection"),
|
||||||
|
("authentik_sources_ldap", "0003_ldapsource_client_certificate_ldapsource_sni_and_more"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name="LDAPGroupSourceConnection",
|
||||||
|
fields=[
|
||||||
|
(
|
||||||
|
"groupsourceconnection_ptr",
|
||||||
|
models.OneToOneField(
|
||||||
|
auto_created=True,
|
||||||
|
on_delete=django.db.models.deletion.CASCADE,
|
||||||
|
parent_link=True,
|
||||||
|
primary_key=True,
|
||||||
|
serialize=False,
|
||||||
|
to="authentik_core.groupsourceconnection",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
("unique_identifier", models.TextField(unique=True)),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
"verbose_name": "LDAP Group Source Connection",
|
||||||
|
"verbose_name_plural": "LDAP Group Source Connections",
|
||||||
|
},
|
||||||
|
bases=("authentik_core.groupsourceconnection",),
|
||||||
|
),
|
||||||
|
migrations.CreateModel(
|
||||||
|
name="LDAPUserSourceConnection",
|
||||||
|
fields=[
|
||||||
|
(
|
||||||
|
"usersourceconnection_ptr",
|
||||||
|
models.OneToOneField(
|
||||||
|
auto_created=True,
|
||||||
|
on_delete=django.db.models.deletion.CASCADE,
|
||||||
|
parent_link=True,
|
||||||
|
primary_key=True,
|
||||||
|
serialize=False,
|
||||||
|
to="authentik_core.usersourceconnection",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
("unique_identifier", models.TextField(unique=True)),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
"verbose_name": "LDAP User Source Connection",
|
||||||
|
"verbose_name_plural": "LDAP User Source Connections",
|
||||||
|
},
|
||||||
|
bases=("authentik_core.usersourceconnection",),
|
||||||
|
),
|
||||||
|
]
|
|
@ -10,7 +10,13 @@ from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls
|
||||||
from ldap3.core.exceptions import LDAPInsufficientAccessRightsResult, LDAPSchemaError
|
from ldap3.core.exceptions import LDAPInsufficientAccessRightsResult, LDAPSchemaError
|
||||||
from rest_framework.serializers import Serializer
|
from rest_framework.serializers import Serializer
|
||||||
|
|
||||||
from authentik.core.models import Group, PropertyMapping, Source, UserSourceConnection
|
from authentik.core.models import (
|
||||||
|
Group,
|
||||||
|
GroupSourceConnection,
|
||||||
|
PropertyMapping,
|
||||||
|
Source,
|
||||||
|
UserSourceConnection,
|
||||||
|
)
|
||||||
from authentik.crypto.models import CertificateKeyPair
|
from authentik.crypto.models import CertificateKeyPair
|
||||||
from authentik.lib.config import CONFIG
|
from authentik.lib.config import CONFIG
|
||||||
from authentik.lib.models import DomainlessURLValidator
|
from authentik.lib.models import DomainlessURLValidator
|
||||||
|
@ -113,7 +119,7 @@ class LDAPSource(Source):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def serializer(self) -> type[Serializer]:
|
def serializer(self) -> type[Serializer]:
|
||||||
from authentik.sources.ldap.api import LDAPSourceSerializer
|
from authentik.sources.ldap.api.sources import LDAPSourceSerializer
|
||||||
|
|
||||||
return LDAPSourceSerializer
|
return LDAPSourceSerializer
|
||||||
|
|
||||||
|
@ -202,7 +208,7 @@ class LDAPPropertyMapping(PropertyMapping):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def serializer(self) -> type[Serializer]:
|
def serializer(self) -> type[Serializer]:
|
||||||
from authentik.sources.ldap.api import LDAPPropertyMappingSerializer
|
from authentik.sources.ldap.api.property_mappings import LDAPPropertyMappingSerializer
|
||||||
|
|
||||||
return LDAPPropertyMappingSerializer
|
return LDAPPropertyMappingSerializer
|
||||||
|
|
||||||
|
@ -221,12 +227,26 @@ class LDAPUserSourceConnection(UserSourceConnection):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def serializer(self) -> Serializer:
|
def serializer(self) -> Serializer:
|
||||||
from authentik.sources.ldap.api.source_connections import (
|
from authentik.sources.ldap.api.source_connections import LDAPUserSourceConnectionSerializer
|
||||||
LDAPUserSourceConnectionSerializer,
|
|
||||||
)
|
|
||||||
|
|
||||||
return LDAPUserSourceConnectionSerializer
|
return LDAPUserSourceConnectionSerializer
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
verbose_name = _("LDAP User Source Connection")
|
verbose_name = _("LDAP User Source Connection")
|
||||||
verbose_name_plural = _("LDAP User Source Connections")
|
verbose_name_plural = _("LDAP User Source Connections")
|
||||||
|
|
||||||
|
|
||||||
|
class LDAPGroupSourceConnection(GroupSourceConnection):
|
||||||
|
"""Connection between an authentik group and an LDAP source."""
|
||||||
|
|
||||||
|
unique_identifier = models.TextField(unique=True)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def serializer(self) -> Serializer:
|
||||||
|
from authentik.sources.ldap.api.source_connections import LDAPUserSourceConnectionSerializer
|
||||||
|
|
||||||
|
return LDAPUserSourceConnectionSerializer
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
verbose_name = _("LDAP Group Source Connection")
|
||||||
|
verbose_name_plural = _("LDAP Group Source Connections")
|
||||||
|
|
|
@ -7,6 +7,7 @@ from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, SUBTREE
|
||||||
|
|
||||||
from authentik.core.models import Group
|
from authentik.core.models import Group
|
||||||
from authentik.events.models import Event, EventAction
|
from authentik.events.models import Event, EventAction
|
||||||
|
from authentik.sources.ldap.models import LDAPGroupSourceConnection
|
||||||
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
|
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
|
||||||
|
|
||||||
|
|
||||||
|
@ -63,7 +64,13 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
},
|
},
|
||||||
defaults,
|
defaults,
|
||||||
)
|
)
|
||||||
self._logger.debug("Created group with attributes", **defaults)
|
LDAPGroupSourceConnection.objects.update_or_create(
|
||||||
|
defaults={
|
||||||
|
"unique_identifier": uniq,
|
||||||
|
"source": self._source,
|
||||||
|
},
|
||||||
|
group=ak_group,
|
||||||
|
)
|
||||||
except (IntegrityError, FieldError, TypeError, AttributeError) as exc:
|
except (IntegrityError, FieldError, TypeError, AttributeError) as exc:
|
||||||
Event.new(
|
Event.new(
|
||||||
EventAction.CONFIGURATION_ERROR,
|
EventAction.CONFIGURATION_ERROR,
|
||||||
|
|
|
@ -7,6 +7,7 @@ from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, SUBTREE
|
||||||
|
|
||||||
from authentik.core.models import User
|
from authentik.core.models import User
|
||||||
from authentik.events.models import Event, EventAction
|
from authentik.events.models import Event, EventAction
|
||||||
|
from authentik.sources.ldap.models import LDAPUserSourceConnection
|
||||||
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
|
from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer
|
||||||
from authentik.sources.ldap.sync.vendor.freeipa import FreeIPA
|
from authentik.sources.ldap.sync.vendor.freeipa import FreeIPA
|
||||||
from authentik.sources.ldap.sync.vendor.ms_ad import MicrosoftActiveDirectory
|
from authentik.sources.ldap.sync.vendor.ms_ad import MicrosoftActiveDirectory
|
||||||
|
@ -58,6 +59,13 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
ak_user, created = self.update_or_create_attributes(
|
ak_user, created = self.update_or_create_attributes(
|
||||||
User, {f"attributes__{LDAP_UNIQUENESS}": uniq}, defaults
|
User, {f"attributes__{LDAP_UNIQUENESS}": uniq}, defaults
|
||||||
)
|
)
|
||||||
|
LDAPUserSourceConnection.objects.update_or_create(
|
||||||
|
defaults={
|
||||||
|
"unique_identifier": uniq,
|
||||||
|
"source": self._source,
|
||||||
|
},
|
||||||
|
user=ak_user,
|
||||||
|
)
|
||||||
except (IntegrityError, FieldError, TypeError, AttributeError) as exc:
|
except (IntegrityError, FieldError, TypeError, AttributeError) as exc:
|
||||||
Event.new(
|
Event.new(
|
||||||
EventAction.CONFIGURATION_ERROR,
|
EventAction.CONFIGURATION_ERROR,
|
||||||
|
@ -72,6 +80,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
else:
|
else:
|
||||||
self._logger.debug("Synced User", user=ak_user.username, created=created)
|
self._logger.debug("Synced User", user=ak_user.username, created=created)
|
||||||
user_count += 1
|
user_count += 1
|
||||||
|
# TODO: Optimise vendor sync to not create a new connection
|
||||||
MicrosoftActiveDirectory(self._source).sync(attributes, ak_user, created)
|
MicrosoftActiveDirectory(self._source).sync(attributes, ak_user, created)
|
||||||
FreeIPA(self._source).sync(attributes, ak_user, created)
|
FreeIPA(self._source).sync(attributes, ak_user, created)
|
||||||
return user_count
|
return user_count
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
from rest_framework.test import APITestCase
|
from rest_framework.test import APITestCase
|
||||||
|
|
||||||
from authentik.lib.generators import generate_key
|
from authentik.lib.generators import generate_key
|
||||||
from authentik.sources.ldap.api import LDAPSourceSerializer
|
from authentik.sources.ldap.api.sources import LDAPSourceSerializer
|
||||||
from authentik.sources.ldap.models import LDAPSource
|
from authentik.sources.ldap.models import LDAPSource
|
||||||
|
|
||||||
LDAP_PASSWORD = generate_key()
|
LDAP_PASSWORD = generate_key()
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
"""API URLs"""
|
"""API URLs"""
|
||||||
from authentik.sources.ldap.api.sources import LDAPSourceViewSet
|
|
||||||
from authentik.sources.ldap.api.property_mappings import LDAPPropertyMappingViewSet
|
from authentik.sources.ldap.api.property_mappings import LDAPPropertyMappingViewSet
|
||||||
from authentik.sources.ldap.api.source_connections import LDAPUserSourceConnectionViewSet
|
from authentik.sources.ldap.api.source_connections import LDAPUserSourceConnectionViewSet
|
||||||
|
from authentik.sources.ldap.api.sources import LDAPSourceViewSet
|
||||||
|
|
||||||
api_urlpatterns = [
|
api_urlpatterns = [
|
||||||
("propertymappings/ldap", LDAPPropertyMappingViewSet),
|
("propertymappings/ldap", LDAPPropertyMappingViewSet),
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
|
|
||||||
from django.urls import path
|
from django.urls import path
|
||||||
|
|
||||||
from authentik.sources.oauth.api.sources import OAuthSourceViewSet
|
|
||||||
from authentik.sources.oauth.api.source_connections import UserOAuthSourceConnectionViewSet
|
from authentik.sources.oauth.api.source_connections import UserOAuthSourceConnectionViewSet
|
||||||
|
from authentik.sources.oauth.api.sources import OAuthSourceViewSet
|
||||||
from authentik.sources.oauth.types.registry import RequestKind
|
from authentik.sources.oauth.types.registry import RequestKind
|
||||||
from authentik.sources.oauth.views.dispatcher import DispatcherView
|
from authentik.sources.oauth.views.dispatcher import DispatcherView
|
||||||
|
|
||||||
|
|
Reference in a new issue