sources/ldap: use both entryDN and dn (for active-directory)

This commit is contained in:
Jens Langhammer 2021-02-05 15:17:57 +01:00
parent 2717742bd2
commit 83bf639926
4 changed files with 15 additions and 13 deletions

View File

@ -24,7 +24,9 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
group_count = 0
for group in groups:
attributes = group.get("attributes", {})
group_dn = self._flatten(group.get("entryDN", ""))
group_dn = self._flatten(
self._flatten(group.get("entryDN", group.get("dn")))
)
if self._source.object_uniqueness_field not in attributes:
self._logger.warning(
"Cannot find uniqueness Field in attributes",
@ -48,8 +50,6 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
},
}
)
self._logger.debug(
"Synced group", group=name, created=created
)
self._logger.debug("Synced group", group=name, created=created)
group_count += 1
return group_count

View File

@ -3,8 +3,8 @@ from typing import Any, Optional
import ldap3
import ldap3.core.exceptions
from django.db.models import Q
from authentik.core.models import Group, User
from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
from authentik.sources.ldap.models import LDAPSource
@ -42,11 +42,13 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
continue
users = User.objects.filter(
Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members}) |
Q(**{
Q(**{f"attributes__{LDAP_DISTINGUISHED_NAME}__in": members})
| Q(
**{
f"attributes__{LDAP_DISTINGUISHED_NAME}__isnull": True,
"ak_groups__in": [ak_group]
})
"ak_groups__in": [ak_group],
}
)
)
membership_count += 1
membership_count += users.count()

View File

@ -28,9 +28,8 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
)
user_count = 0
for user in users:
self._logger.debug(user)
attributes = user.get("attributes", {})
user_dn = self._flatten(user.get("entryDN", ""))
user_dn = self._flatten(user.get("entryDN", user.get("dn")))
if self._source.object_uniqueness_field not in attributes:
self._logger.warning(
"Cannot find uniqueness Field in attributes",

View File

@ -1,5 +1,4 @@
"""LDAP Source tests"""
from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
from unittest.mock import PropertyMock, patch
from django.db.models import Q
@ -14,9 +13,11 @@ from authentik.sources.ldap.sync.membership import MembershipLDAPSynchronizer
from authentik.sources.ldap.sync.users import UserLDAPSynchronizer
from authentik.sources.ldap.tasks import ldap_sync_all
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
LDAP_PASSWORD = generate_client_secret()
class LDAPSyncTests(TestCase):
"""LDAP Sync tests"""