outposts/ldap: allow overriding gidNumber for a user (#8003)

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Marc 'risson' Schmitt 2023-12-28 14:21:08 +01:00 committed by GitHub
parent 4b115e18fb
commit 64ca5d42be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 8 deletions


@ -6,6 +6,7 @@ import (
"strings" "strings"
"beryju.io/ldap" "beryju.io/ldap"
"goauthentik.io/api/v3" "goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/constants" "goauthentik.io/internal/outpost/ldap/constants"
"goauthentik.io/internal/outpost/ldap/utils" "goauthentik.io/internal/outpost/ldap/utils"
@ -49,8 +50,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
constants.OCPosixAccount, constants.OCPosixAccount,
constants.OCAKUser, constants.OCAKUser,
}, },
"uidNumber": {pi.GetUidNumber(u)}, "uidNumber": {pi.GetUserUidNumber(u)},
"gidNumber": {pi.GetUidNumber(u)}, "gidNumber": {pi.GetUserGidNumber(u)},
"homeDirectory": {fmt.Sprintf("/home/%s", u.Username)}, "homeDirectory": {fmt.Sprintf("/home/%s", u.Username)},
"sn": {u.Name}, "sn": {u.Name},
}) })
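Review bot: The `gidNumber` value emitted in this entry comes from `pi.GetUserGidNumber(u)`, which (as added later in this commit) returns the user's `gidNumber` attribute verbatim whenever it is a string, with no check that it is a decimal number in an expected range. POSIX clients typically treat this value as the account's primary group, so an attribute of `"0"` or a non-numeric string would be served as-is; how much that matters depends on who can write user attributes in a given deployment, which this page does not show. Consider validating in the getter and falling through to the default when parsing fails, e.g. `if _, err := strconv.ParseUint(gidNumber, 10, 32); ok && err == nil { return gidNumber }`; the existing `uidNumber` override appears to have the same shape. UserEntry's body starts and ends outside this hunk.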


@ -4,6 +4,7 @@ import (
"strconv" "strconv"
"beryju.io/ldap" "beryju.io/ldap"
"goauthentik.io/api/v3" "goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/constants" "goauthentik.io/internal/outpost/ldap/constants"
"goauthentik.io/internal/outpost/ldap/server" "goauthentik.io/internal/outpost/ldap/server"
@ -50,7 +51,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup {
DN: si.GetGroupDN(g.Name), DN: si.GetGroupDN(g.Name),
CN: g.Name, CN: g.Name,
Uid: string(g.Pk), Uid: string(g.Pk),
GidNumber: si.GetGidNumber(g), GidNumber: si.GetGroupGidNumber(g),
Member: si.UsersForGroup(g), Member: si.UsersForGroup(g),
IsVirtualGroup: false, IsVirtualGroup: false,
IsSuperuser: *g.IsSuperuser, IsSuperuser: *g.IsSuperuser,
@ -63,7 +64,7 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup {
DN: si.GetVirtualGroupDN(u.Username), DN: si.GetVirtualGroupDN(u.Username),
CN: u.Username, CN: u.Username,
Uid: u.Uid, Uid: u.Uid,
GidNumber: si.GetUidNumber(u), GidNumber: si.GetUserGidNumber(u),
Member: []string{si.GetUserDN(u.Username)}, Member: []string{si.GetUserDN(u.Username)},
IsVirtualGroup: true, IsVirtualGroup: true,
IsSuperuser: false, IsSuperuser: false,
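Review bot: In FromAPIUser the virtual group's `GidNumber` now follows `si.GetUserGidNumber(u)`, so a user whose `gidNumber` attribute is set to a gid already used by a real group yields a virtual group entry that shares that gid while listing only this user in `Member`. Clients that resolve a gid to a group name would then see two entries for one number, and which one they pick is client-dependent. If the intent is only to change the user's primary group, keeping `GidNumber: si.GetUserUidNumber(u),` here would avoid the duplicate; otherwise a comment such as `// virtual group gid intentionally tracks the user's gidNumber override` would make the choice explicit. The function body starts and ends outside this hunk.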


@ -3,6 +3,7 @@ package server
import ( import (
"beryju.io/ldap" "beryju.io/ldap"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"goauthentik.io/api/v3" "goauthentik.io/api/v3"
"goauthentik.io/internal/outpost/ldap/flags" "goauthentik.io/internal/outpost/ldap/flags"
) )
@ -28,8 +29,9 @@ type LDAPServerInstance interface {
GetGroupDN(string) string GetGroupDN(string) string
GetVirtualGroupDN(string) string GetVirtualGroupDN(string) string
GetUidNumber(api.User) string GetUserUidNumber(api.User) string
GetGidNumber(api.Group) string GetUserGidNumber(api.User) string
GetGroupGidNumber(api.Group) string
UsersForGroup(api.Group) []string UsersForGroup(api.Group) []string
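Review bot: The renamed and added methods on `LDAPServerInstance` carry no doc comments, and the fallback behaviour is not obvious from the names alone. For the part visible in this commit I would add `// GetUserGidNumber returns the user's "gidNumber" attribute when it is set as a string, otherwise the value of GetUserUidNumber.` above the new method. It is also worth stating that a numeric (non-string) attribute value fails the `.(string)` assertion in the implementation and is silently ignored, since that is an easy misconfiguration to miss. The interface declaration starts and ends outside this hunk.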


@ -35,7 +35,7 @@ func (pi *ProviderInstance) GetVirtualGroupDN(group string) string {
return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN) return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)
} }
func (pi *ProviderInstance) GetUidNumber(user api.User) string { func (pi *ProviderInstance) GetUserUidNumber(user api.User) string {
uidNumber, ok := user.GetAttributes()["uidNumber"].(string) uidNumber, ok := user.GetAttributes()["uidNumber"].(string)
if ok { if ok {
@ -45,7 +45,17 @@ func (pi *ProviderInstance) GetUidNumber(user api.User) string {
return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10) return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10)
} }
func (pi *ProviderInstance) GetGidNumber(group api.Group) string { func (pi *ProviderInstance) GetUserGidNumber(user api.User) string {
gidNumber, ok := user.GetAttributes()["gidNumber"].(string)
if ok {
return gidNumber
}
return pi.GetUserUidNumber(user)
}
func (pi *ProviderInstance) GetGroupGidNumber(group api.Group) string {
gidNumber, ok := group.GetAttributes()["gidNumber"].(string) gidNumber, ok := group.GetAttributes()["gidNumber"].(string)
if ok { if ok {