sources/ldap: use both entryDN and dn (for active-directory)

authentik/sources/ldap/sync/groups.py

@@ -24,7 +24,9 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
         group_count = 0
         for group in groups:
             attributes = group.get("attributes", {})
-            group_dn = self._flatten(group.get("entryDN", ""))
+            group_dn = self._flatten(
+                self._flatten(group.get("entryDN", group.get("dn")))
+            )
             if self._source.object_uniqueness_field not in attributes:
                 self._logger.warning(
                     "Cannot find uniqueness Field in attributes",
@@ -48,8 +50,6 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
                     },
                 }
             )
-            self._logger.debug(
+            self._logger.debug("Synced group", group=name, created=created)
-                "Synced group", group=name, created=created
-            )
             group_count += 1
         return group_count

authentik/sources/ldap/sync/membership.py

@@ -3,8 +3,8 @@ from typing import Any, Optional
 
 import ldap3
 import ldap3.core.exceptions
-
 from django.db.models import Q
+
 from authentik.core.models import Group, User
 from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
 from authentik.sources.ldap.models import LDAPSource
@@ -42,11 +42,13 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
                 continue
 
             users = User.objects.filter(
-                Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members}) |
+                Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members})
-                Q(**{
+                | Q(
-                    f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True,
+                    **{
-                    "ak_groups__in": [ak_group]
+                        f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True,
-                })
+                        "ak_groups__in": [ak_group],
+                    }
+                )
             )
             membership_count += 1
             membership_count += users.count()

authentik/sources/ldap/sync/users.py

@@ -28,9 +28,8 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
         )
         user_count = 0
         for user in users:
-            self._logger.debug(user)
             attributes = user.get("attributes", {})
-            user_dn = self._flatten(user.get("entryDN", ""))
+            user_dn = self._flatten(user.get("entryDN", user.get("dn")))
             if self._source.object_uniqueness_field not in attributes:
                 self._logger.warning(
                     "Cannot find uniqueness Field in attributes",

authentik/sources/ldap/tests/test_sync.py

@@ -1,5 +1,4 @@
 """LDAP Source tests"""
-from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
 from unittest.mock import PropertyMock, patch
 
 from django.db.models import Q
@@ -14,9 +13,11 @@ from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer
 from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
 from authentik.sources.ldap.tasks import ldap_sync_all
 from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
+from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
 
 LDAP_PASSWORD = generate_client_secret()
 
+
 class LDAPSyncTests(TestCase):
     """LDAP Sync tests"""