outposts/ldap: allow overriding gidNumber for a user (#8003)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
parent
4b115e18fb
commit
64ca5d42be
|
@ -6,6 +6,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"beryju.io/ldap"
|
"beryju.io/ldap"
|
||||||
|
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
"goauthentik.io/internal/outpost/ldap/constants"
|
"goauthentik.io/internal/outpost/ldap/constants"
|
||||||
"goauthentik.io/internal/outpost/ldap/utils"
|
"goauthentik.io/internal/outpost/ldap/utils"
|
||||||
|
@ -49,8 +50,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
||||||
constants.OCPosixAccount,
|
constants.OCPosixAccount,
|
||||||
constants.OCAKUser,
|
constants.OCAKUser,
|
||||||
},
|
},
|
||||||
"uidNumber": {pi.GetUidNumber(u)},
|
"uidNumber": {pi.GetUserUidNumber(u)},
|
||||||
"gidNumber": {pi.GetUidNumber(u)},
|
"gidNumber": {pi.GetUserGidNumber(u)},
|
||||||
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
|
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
|
||||||
"sn": {u.Name},
|
"sn": {u.Name},
|
||||||
})
|
})
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"beryju.io/ldap"
|
"beryju.io/ldap"
|
||||||
|
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
"goauthentik.io/internal/outpost/ldap/constants"
|
"goauthentik.io/internal/outpost/ldap/constants"
|
||||||
"goauthentik.io/internal/outpost/ldap/server"
|
"goauthentik.io/internal/outpost/ldap/server"
|
||||||
|
@ -50,7 +51,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
|
||||||
DN: si.GetGroupDN(g.Name),
|
DN: si.GetGroupDN(g.Name),
|
||||||
CN: g.Name,
|
CN: g.Name,
|
||||||
Uid: string(g.Pk),
|
Uid: string(g.Pk),
|
||||||
GidNumber: si.GetGidNumber(g),
|
GidNumber: si.GetGroupGidNumber(g),
|
||||||
Member: si.UsersForGroup(g),
|
Member: si.UsersForGroup(g),
|
||||||
IsVirtualGroup: false,
|
IsVirtualGroup: false,
|
||||||
IsSuperuser: *g.IsSuperuser,
|
IsSuperuser: *g.IsSuperuser,
|
||||||
|
@ -63,7 +64,7 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
|
||||||
DN: si.GetVirtualGroupDN(u.Username),
|
DN: si.GetVirtualGroupDN(u.Username),
|
||||||
CN: u.Username,
|
CN: u.Username,
|
||||||
Uid: u.Uid,
|
Uid: u.Uid,
|
||||||
GidNumber: si.GetUidNumber(u),
|
GidNumber: si.GetUserGidNumber(u),
|
||||||
Member: []string{si.GetUserDN(u.Username)},
|
Member: []string{si.GetUserDN(u.Username)},
|
||||||
IsVirtualGroup: true,
|
IsVirtualGroup: true,
|
||||||
IsSuperuser: false,
|
IsSuperuser: false,
|
||||||
|
|
|
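Review bot: In the `FromAPIUser` hunk the per-user virtual group now takes `GidNumber: si.GetUserGidNumber(u)`, so a user whose `gidNumber` attribute is overridden to the gid of a real group makes the directory serve two group entries with the same gidNumber: the real group and the virtual one built from `si.GetVirtualGroupDN(u.Username)`. Clients that map a gid back to a group name would then get an ambiguous answer, and the virtual entry still lists only that one user in `Member`. Consider keeping the virtual group on `si.GetUserUidNumber(u)`, with a comment such as `// virtual group gid stays unique per user; an overridden primary gid refers to a real group`. The struct literal starts and ends outside the hunk, so this is based only on the fields shown.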
@ -3,6 +3,7 @@ package server
|
||||||
import (
|
import (
|
||||||
"beryju.io/ldap"
|
"beryju.io/ldap"
|
||||||
"github.com/go-openapi/strfmt"
|
"github.com/go-openapi/strfmt"
|
||||||
|
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
"goauthentik.io/internal/outpost/ldap/flags"
|
"goauthentik.io/internal/outpost/ldap/flags"
|
||||||
)
|
)
|
||||||
|
@ -28,8 +29,9 @@ type LDAPServerInstance interface {
|
||||||
GetGroupDN(string) string
|
GetGroupDN(string) string
|
||||||
GetVirtualGroupDN(string) string
|
GetVirtualGroupDN(string) string
|
||||||
|
|
||||||
GetUidNumber(api.User) string
|
GetUserUidNumber(api.User) string
|
||||||
GetGidNumber(api.Group) string
|
GetUserGidNumber(api.User) string
|
||||||
|
GetGroupGidNumber(api.Group) string
|
||||||
|
|
||||||
UsersForGroup(api.Group) []string
|
UsersForGroup(api.Group) []string
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ func (pi *ProviderInstance) GetVirtualGroupDN(group string) string {
|
||||||
return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)
|
return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
func (pi *ProviderInstance) GetUserUidNumber(user api.User) string {
|
||||||
uidNumber, ok := user.GetAttributes()["uidNumber"].(string)
|
uidNumber, ok := user.GetAttributes()["uidNumber"].(string)
|
||||||
|
|
||||||
if ok {
|
if ok {
|
||||||
|
@ -45,7 +45,17 @@ func (pi *ProviderInstance) GetUidNumber(user api.User) string {
|
||||||
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
|
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pi *ProviderInstance) GetGidNumber(group api.Group) string {
|
func (pi *ProviderInstance) GetUserGidNumber(user api.User) string {
|
||||||
|
gidNumber, ok := user.GetAttributes()["gidNumber"].(string)
|
||||||
|
|
||||||
|
if ok {
|
||||||
|
return gidNumber
|
||||||
|
}
|
||||||
|
|
||||||
|
return pi.GetUserUidNumber(user)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (pi *ProviderInstance) GetGroupGidNumber(group api.Group) string {
|
||||||
gidNumber, ok := group.GetAttributes()["gidNumber"].(string)
|
gidNumber, ok := group.GetAttributes()["gidNumber"].(string)
|
||||||
|
|
||||||
if ok {
|
if ok {
|
||||||
|
|
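Review bot: `GetUserGidNumber` returns the `gidNumber` attribute verbatim, with no check that it is a decimal number or that it falls in an allowed range, so a value such as `"0"` would be published as the user's primary group to every host that consumes this directory. Whether non-admin users can edit their own attributes is not visible here; if they can, this override is a privilege boundary and should be validated, e.g. `if n, err := strconv.ParseUint(gidNumber, 10, 32); ok && err == nil && n >= minGid { return gidNumber }`, where `minGid` is a placeholder for whatever floor the provider configures. The `.(string)` assertion also means an attribute stored as a number rather than a string is silently ignored and falls back to `GetUserUidNumber`; a log line on that path would make the misconfiguration visible. The same unvalidated pattern appears in `GetUserUidNumber` and in `GetGroupGidNumber`, whose body continues past the end of the hunk.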