sources/ldap: use both entryDN and dn (for active-directory)
parent
2717742bd2
commit
83bf639926
|
@ -24,7 +24,9 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
group_count = 0
|
group_count = 0
|
||||||
for group in groups:
|
for group in groups:
|
||||||
attributes = group.get("attributes", {})
|
attributes = group.get("attributes", {})
|
||||||
group_dn = self._flatten(group.get("entryDN", ""))
|
group_dn = self._flatten(
|
||||||
|
self._flatten(group.get("entryDN", group.get("dn")))
|
||||||
|
)
|
||||||
if self._source.object_uniqueness_field not in attributes:
|
if self._source.object_uniqueness_field not in attributes:
|
||||||
self._logger.warning(
|
self._logger.warning(
|
||||||
"Cannot find uniqueness Field in attributes",
|
"Cannot find uniqueness Field in attributes",
|
||||||
|
@ -48,8 +50,6 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
self._logger.debug(
|
self._logger.debug("Synced group", group=name, created=created)
|
||||||
"Synced group", group=name, created=created
|
|
||||||
)
|
|
||||||
group_count += 1
|
group_count += 1
|
||||||
return group_count
|
return group_count
|
||||||
|
|
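Review bot: In the first GroupLDAPSynchronizer hunk, `group.get("entryDN", group.get("dn"))` falls back only when the `entryDN` key is absent (not when it is present but empty) and yields `None` instead of the previous `""` when neither key exists; the UserLDAPSynchronizer hunk uses the same expression for `user_dn`. The MembershipLDAPSynchronizer hunk filters users on a distinguished-name attribute that presumably holds this value, so an entry without a usable DN is probably better skipped with a warning than synced, e.g. `group_dn = self._flatten(group.get("entryDN") or group.get("dn"))` followed by `if not group_dn: continue`; `_flatten` is not visible here, so confirm how it treats `None`. The nested `self._flatten(self._flatten(...))` also looks unintended, since the user hunk calls it once. The loop body continues outside the hunk.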
|
@ -3,8 +3,8 @@ from typing import Any, Optional
|
||||||
|
|
||||||
import ldap3
|
import ldap3
|
||||||
import ldap3.core.exceptions
|
import ldap3.core.exceptions
|
||||||
|
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
|
|
||||||
from authentik.core.models import Group, User
|
from authentik.core.models import Group, User
|
||||||
from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
|
from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
|
||||||
from authentik.sources.ldap.models import LDAPSource
|
from authentik.sources.ldap.models import LDAPSource
|
||||||
|
@ -42,11 +42,13 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
users = User.objects.filter(
|
users = User.objects.filter(
|
||||||
Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members}) |
|
Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members})
|
||||||
Q(**{
|
| Q(
|
||||||
f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True,
|
**{
|
||||||
"ak_groups__in": [ak_group]
|
f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True,
|
||||||
})
|
"ak_groups__in": [ak_group],
|
||||||
|
}
|
||||||
|
)
|
||||||
)
|
)
|
||||||
membership_count += 1
|
membership_count += 1
|
||||||
membership_count += users.count()
|
membership_count += users.count()
|
||||||
|
|
|
@ -28,9 +28,8 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
||||||
)
|
)
|
||||||
user_count = 0
|
user_count = 0
|
||||||
for user in users:
|
for user in users:
|
||||||
self._logger.debug(user)
|
|
||||||
attributes = user.get("attributes", {})
|
attributes = user.get("attributes", {})
|
||||||
user_dn = self._flatten(user.get("entryDN", ""))
|
user_dn = self._flatten(user.get("entryDN", user.get("dn")))
|
||||||
if self._source.object_uniqueness_field not in attributes:
|
if self._source.object_uniqueness_field not in attributes:
|
||||||
self._logger.warning(
|
self._logger.warning(
|
||||||
"Cannot find uniqueness Field in attributes",
|
"Cannot find uniqueness Field in attributes",
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
"""LDAP Source tests"""
|
"""LDAP Source tests"""
|
||||||
from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
|
|
||||||
from unittest.mock import PropertyMock, patch
|
from unittest.mock import PropertyMock, patch
|
||||||
|
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
|
@ -14,9 +13,11 @@ from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer
|
||||||
from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
|
from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
|
||||||
from authentik.sources.ldap.tasks import ldap_sync_all
|
from authentik.sources.ldap.tasks import ldap_sync_all
|
||||||
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
|
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
|
||||||
|
from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
|
||||||
|
|
||||||
LDAP_PASSWORD = generate_client_secret()
|
LDAP_PASSWORD = generate_client_secret()
|
||||||
|
|
||||||
|
|
||||||
class LDAPSyncTests(TestCase):
|
class LDAPSyncTests(TestCase):
|
||||||
"""LDAP Sync tests"""
|
"""LDAP Sync tests"""
|
||||||
|
|
||||||
|
|