outposts/ldap: allow overriding gidNumber for a user (#8003)

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
Marc 'risson' Schmitt 2023-12-28 14:21:08 +01:00 committed by GitHub
parent 4b115e18fb
commit 64ca5d42be
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 8 deletions

View file

@ -6,6 +6,7 @@ import (
"strings"
"beryju.io/ldap"
"goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/constants"
"goauthentik.io/internal/outpost/ldap/utils"
@ -49,8 +50,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
constants.OCPosixAccount,
constants.OCAKUser,
},
"uidNumber": {pi.GetUidNumber(u)},
"gidNumber": {pi.GetUidNumber(u)},
"uidNumber": {pi.GetUserUidNumber(u)},
"gidNumber": {pi.GetUserGidNumber(u)},
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
"sn": {u.Name},
})

View file

@ -4,6 +4,7 @@ import (
"strconv"
"beryju.io/ldap"
"goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/constants"
"goauthentik.io/internal/outpost/ldap/server"
@ -50,7 +51,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
DN: si.GetGroupDN(g.Name),
CN: g.Name,
Uid: string(g.Pk),
GidNumber: si.GetGidNumber(g),
GidNumber: si.GetGroupGidNumber(g),
Member: si.UsersForGroup(g),
IsVirtualGroup: false,
IsSuperuser: *g.IsSuperuser,
@ -63,7 +64,7 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
DN: si.GetVirtualGroupDN(u.Username),
CN: u.Username,
Uid: u.Uid,
GidNumber: si.GetUidNumber(u),
GidNumber: si.GetUserGidNumber(u),
Member: []string{si.GetUserDN(u.Username)},
IsVirtualGroup: true,
IsSuperuser: false,

View file

@ -3,6 +3,7 @@ package server
import (
"beryju.io/ldap"
"github.com/go-openapi/strfmt"
"goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/flags"
)
@ -28,8 +29,9 @@ type LDAPServerInstance interface {
GetGroupDN(string) string
GetVirtualGroupDN(string) string
GetUidNumber(api.User) string
GetGidNumber(api.Group) string
GetUserUidNumber(api.User) string
GetUserGidNumber(api.User) string
GetGroupGidNumber(api.Group) string
UsersForGroup(api.Group) []string

View file

@ -35,7 +35,7 @@ func (pi *ProviderInstance) GetVirtualGroupDN(group string) string {
return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)
}
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
func (pi *ProviderInstance) GetUserUidNumber(user api.User) string {
uidNumber, ok := user.GetAttributes()["uidNumber"].(string)
if ok {
@ -45,7 +45,17 @@ func (pi *ProviderInstance) GetUidNumber(user api.User) string {
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
}
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
func (pi *ProviderInstance) GetUserGidNumber(user api.User) string {
gidNumber, ok := user.GetAttributes()["gidNumber"].(string)
if ok {
return gidNumber
}
return pi.GetUserUidNumber(user)
}
func (pi *ProviderInstance) GetGroupGidNumber(group api.Group) string {
gidNumber, ok := group.GetAttributes()["gidNumber"].(string)
if ok {