outposts/ldap: allow overriding gidNumber for a user (#8003)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
parent
4b115e18fb
commit
64ca5d42be
|
@ -6,6 +6,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"beryju.io/ldap"
|
||||
|
||||
"goauthentik.io/api/v3"
|
||||
"goauthentik.io/internal/outpost/ldap/constants"
|
||||
"goauthentik.io/internal/outpost/ldap/utils"
|
||||
|
@ -49,8 +50,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
|||
constants.OCPosixAccount,
|
||||
constants.OCAKUser,
|
||||
},
|
||||
"uidNumber": {pi.GetUidNumber(u)},
|
||||
"gidNumber": {pi.GetUidNumber(u)},
|
||||
"uidNumber": {pi.GetUserUidNumber(u)},
|
||||
"gidNumber": {pi.GetUserGidNumber(u)},
|
||||
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
|
||||
"sn": {u.Name},
|
||||
})
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"strconv"
|
||||
|
||||
"beryju.io/ldap"
|
||||
|
||||
"goauthentik.io/api/v3"
|
||||
"goauthentik.io/internal/outpost/ldap/constants"
|
||||
"goauthentik.io/internal/outpost/ldap/server"
|
||||
|
@ -50,7 +51,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
|
|||
DN: si.GetGroupDN(g.Name),
|
||||
CN: g.Name,
|
||||
Uid: string(g.Pk),
|
||||
GidNumber: si.GetGidNumber(g),
|
||||
GidNumber: si.GetGroupGidNumber(g),
|
||||
Member: si.UsersForGroup(g),
|
||||
IsVirtualGroup: false,
|
||||
IsSuperuser: *g.IsSuperuser,
|
||||
|
@ -63,7 +64,7 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
|
|||
DN: si.GetVirtualGroupDN(u.Username),
|
||||
CN: u.Username,
|
||||
Uid: u.Uid,
|
||||
GidNumber: si.GetUidNumber(u),
|
||||
GidNumber: si.GetUserGidNumber(u),
|
||||
Member: []string{si.GetUserDN(u.Username)},
|
||||
IsVirtualGroup: true,
|
||||
IsSuperuser: false,
|
||||
|
|
|
@ -3,6 +3,7 @@ package server
|
|||
import (
|
||||
"beryju.io/ldap"
|
||||
"github.com/go-openapi/strfmt"
|
||||
|
||||
"goauthentik.io/api/v3"
|
||||
"goauthentik.io/internal/outpost/ldap/flags"
|
||||
)
|
||||
|
@ -28,8 +29,9 @@ type LDAPServerInstance interface {
|
|||
GetGroupDN(string) string
|
||||
GetVirtualGroupDN(string) string
|
||||
|
||||
GetUidNumber(api.User) string
|
||||
GetGidNumber(api.Group) string
|
||||
GetUserUidNumber(api.User) string
|
||||
GetUserGidNumber(api.User) string
|
||||
GetGroupGidNumber(api.Group) string
|
||||
|
||||
UsersForGroup(api.Group) []string
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ func (pi *ProviderInstance) GetVirtualGroupDN(group string) string {
|
|||
return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
||||
func (pi *ProviderInstance) GetUserUidNumber(user api.User) string {
|
||||
uidNumber, ok := user.GetAttributes()["uidNumber"].(string)
|
||||
|
||||
if ok {
|
||||
|
@ -45,7 +45,17 @@ func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
|||
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
|
||||
func (pi *ProviderInstance) GetUserGidNumber(user api.User) string {
|
||||
gidNumber, ok := user.GetAttributes()["gidNumber"].(string)
|
||||
|
||||
if ok {
|
||||
return gidNumber
|
||||
}
|
||||
|
||||
return pi.GetUserUidNumber(user)
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GetGroupGidNumber(group api.Group) string {
|
||||
gidNumber, ok := group.GetAttributes()["gidNumber"].(string)
|
||||
|
||||
if ok {
|
||||
|
|
Reference in a new issue